Edit tour

Windows Analysis Report
https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0

Overview

General Information

Sample URL:	https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0
Analysis ID:	1379774
Infos:

Detection

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

.NET source code contains potential unpacker

Contains functionality to capture screen (.Net source)

Drops PE files with a suspicious file extension

Drops large PE files

Injects a PE file into a foreign processes

Tries to harvest and steal browser information (history, passwords, etc)

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Writes to foreign memory regions

Yara detected Costura Assembly Loader

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1988,i,7041122785925170672,15351710514814994196,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

OpenWith.exe (PID: 6608 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)

7zG.exe (PID: 424 cmdline: C:\Program Files\7-Zip\7zG.exe" "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz MD5: 50F289DF0C19484E970849AAC4E6F977)

rundll32.exe (PID: 1028 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

7zG.exe (PID: 2480 cmdline: C:\Program Files\7-Zip\7zG.exe" "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz MD5: 50F289DF0C19484E970849AAC4E6F977)

7zG.exe (PID: 6208 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\" -spe -an -ai#7zMap20987:114:7zEvent26426 MD5: 50F289DF0C19484E970849AAC4E6F977)

ESCAIXA_JUSTIFICANTEPAG0.exe (PID: 1984 cmdline: "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe" MD5: DE7B0B12B76A57A70A091974077659DA)

conhost.exe (PID: 1148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6276 cmdline: "C:\Windows\System32\cmd.exe" /k cmd < Blocks & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1164 cmdline: cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

tasklist.exe (PID: 6292 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 3948 cmdline: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 5260 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 4284 cmdline: findstr /I "wrsa.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 2840 cmdline: cmd /c mkdir 5870 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.exe (PID: 2468 cmdline: cmd /c copy /b President + Reduce + Evening + Span + Routing 5870\Si.pif MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.exe (PID: 2892 cmdline: cmd /c copy /b Facility + Estonia + Mi + Mauritius + Gui 5870\s MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Si.pif (PID: 2896 cmdline: 5870\Si.pif 5870\s MD5: BFA84DBDE0DF8F1CAD3E179BD46A6E34)

RegAsm.exe (PID: 4532 cmdline: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)

PING.EXE (PID: 6696 cmdline: ping -n 5 localhost MD5: B3624DD758CCECF93A1226CEF252CA12)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001C.00000002.3019444593.000001D1C5470000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RegAsm.exe PID: 4532	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
28.2.RegAsm.exe.1d1c5470000.16.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1bdd6a628.5.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1be17d1e0.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1c5610000.18.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1be16a660.14.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1c5610000.18.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1bdd6a628.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1c5622b80.17.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1be16a660.14.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1bdb042c0.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
28.2.RegAsm.exe.1d1bdadc288.13.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 6 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC426A9E0 GetCurrentProcessId,GetEnvironmentVariableA,lstrlenA,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,wsprintfA,GetEnvironmentVariableA,lstrlenA,lstrcatA,lstrcatA,lstrcmpA,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,		28_2_00007FFDC426A9E0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4285670 CryptReleaseContext,		28_2_00007FFDC4285670

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49726 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49729 version: TLS 1.2

Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Bhwazxmfj.pdb source: RegAsm.exe, 0000001C.00000002.3016493635.000001D1C52B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.dotnetzip.pdb.compressed source: RegAsm.exe, 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: costura.dotnetzip.pdb.compressed source: RegAsm.exe, 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: RegAsm.pdb source: RegAsm.exe, 0000001C.00000000.2700387592.000001D1AAF12000.00000002.00000001.01000000.0000000E.sdmp, RegAsm.exe.26.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BCED6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3032369334.000001D1C5E30000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BCF77000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.dotnetzip.pdb.compressed8 source: RegAsm.exe, 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2010\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Networking

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49726 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.48
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.48
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.130
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.254.99

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0 HTTP/1.1Host: dl.dropboxusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yb54FxG4Os1pzfV&MD=HRYWcu98 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yb54FxG4Os1pzfV&MD=HRYWcu98 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000ECA0978CB6 HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br

Source: unknown

DNS traffic detected: queries for: dl.dropboxusercontent.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8

Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Si.pif, 0000001A.00000000.2560879384.00007FF690D95000.00000002.00000001.01000000.0000000D.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BCF77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.codeplex.com/DotNetZip
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Thglj.tmp.28.dr	String found in binary or memory: https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: RegAsm.exe, 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	String found in binary or memory: https://system.data.sqlite.org/
Source: RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://system.data.sqlite.org/X
Source: RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://urn.to/r/sds_see12https://urn.to/r/sds_see2
Source: RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify
Source: ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Si.pif.24.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: RegAsm.exe	String found in binary or memory: https://www.sqlite.org/copyright.html
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmp, sqlite.interop.dll.28.dr	String found in binary or memory: https://www.sqlite.org/copyright.html2

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49729 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to capture screen (.Net source)

Source: 28.2.RegAsm.exe.1d1be16a660.14.raw.unpack, -.cs	.Net Code: _E000
Source: 28.2.RegAsm.exe.1d1c5610000.18.raw.unpack, -.cs	.Net Code: _E000

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary

Drops large PE files

Source: C:\Program Files\7-Zip\7zG.exe

File dump: ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr 691217025

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5248_365145431

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4318710	28_2_00007FFDC4318710
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC432B540	28_2_00007FFDC432B540
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4327880	28_2_00007FFDC4327880
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4404490	28_2_00007FFDC4404490
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4328540	28_2_00007FFDC4328540
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42E4562	28_2_00007FFDC42E4562
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4262600	28_2_00007FFDC4262600
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42B2630	28_2_00007FFDC42B2630
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42CA690	28_2_00007FFDC42CA690
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42A4680	28_2_00007FFDC42A4680
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42AA740	28_2_00007FFDC42AA740
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC426A7D0	28_2_00007FFDC426A7D0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42E47B0	28_2_00007FFDC42E47B0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4300080	28_2_00007FFDC4300080
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC425C0DC	28_2_00007FFDC425C0DC
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42B00B0	28_2_00007FFDC42B00B0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4342130	28_2_00007FFDC4342130
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC43140E0	28_2_00007FFDC43140E0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC431A0F0	28_2_00007FFDC431A0F0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4260204	28_2_00007FFDC4260204
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42EC250	28_2_00007FFDC42EC250
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42F62C0	28_2_00007FFDC42F62C0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4252300	28_2_00007FFDC4252300
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC43022E0	28_2_00007FFDC43022E0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42562E8	28_2_00007FFDC42562E8
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42DE3DB	28_2_00007FFDC42DE3DB
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4282400	28_2_00007FFDC4282400
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42D0400	28_2_00007FFDC42D0400
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC431C3F0	28_2_00007FFDC431C3F0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42B0440	28_2_00007FFDC42B0440
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42A4D30	28_2_00007FFDC42A4D30
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4320F20	28_2_00007FFDC4320F20
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4274F70	28_2_00007FFDC4274F70
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4305040	28_2_00007FFDC4305040
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42568D4	28_2_00007FFDC42568D4
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC432C9C0	28_2_00007FFDC432C9C0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4316980	28_2_00007FFDC4316980
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC426A9E0	28_2_00007FFDC426A9E0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4276A50	28_2_00007FFDC4276A50
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4260A68	28_2_00007FFDC4260A68
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42E4A60	28_2_00007FFDC42E4A60
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4268AB0	28_2_00007FFDC4268AB0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC425AC0C	28_2_00007FFDC425AC0C
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4328C40	28_2_00007FFDC4328C40
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42B4BE0	28_2_00007FFDC42B4BE0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC425B4F0	28_2_00007FFDC425B4F0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42DD589	28_2_00007FFDC42DD589
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42C9690	28_2_00007FFDC42C9690
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC43216B0	28_2_00007FFDC43216B0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4277680	28_2_00007FFDC4277680
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4269660	28_2_00007FFDC4269660
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42E16D0	28_2_00007FFDC42E16D0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42A56A0	28_2_00007FFDC42A56A0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC425770C	28_2_00007FFDC425770C
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4305740	28_2_00007FFDC4305740
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4285790	28_2_00007FFDC4285790
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42697B0	28_2_00007FFDC42697B0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42A17E0	28_2_00007FFDC42A17E0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC43237E0	28_2_00007FFDC43237E0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC431B7F0	28_2_00007FFDC431B7F0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42E70D0	28_2_00007FFDC42E70D0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42511B0	28_2_00007FFDC42511B0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4295210	28_2_00007FFDC4295210
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4265200	28_2_00007FFDC4265200
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42DD1E0	28_2_00007FFDC42DD1E0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC425D390	28_2_00007FFDC425D390
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC431F360	28_2_00007FFDC431F360
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42F53B0	28_2_00007FFDC42F53B0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4255458	28_2_00007FFDC4255458
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42FBD50	28_2_00007FFDC42FBD50
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC431FD80	28_2_00007FFDC431FD80
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4255E68	28_2_00007FFDC4255E68
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4279ED0	28_2_00007FFDC4279ED0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4283EB0	28_2_00007FFDC4283EB0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42B3F00	28_2_00007FFDC42B3F00
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42A3EF0	28_2_00007FFDC42A3EF0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4323F50	28_2_00007FFDC4323F50
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4261FA0	28_2_00007FFDC4261FA0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4328050	28_2_00007FFDC4328050
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42A0030	28_2_00007FFDC42A0030
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42759C0	28_2_00007FFDC42759C0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC42DF9B0	28_2_00007FFDC42DF9B0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC430DB0E	28_2_00007FFDC430DB0E
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4317BE0	28_2_00007FFDC4317BE0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E721968	28_2_00007FFD5E721968
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E7D1C94	28_2_00007FFD5E7D1C94
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E7D4B0D	28_2_00007FFD5E7D4B0D
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E7D4C64	28_2_00007FFD5E7D4C64
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8A4F5C	28_2_00007FFD5E8A4F5C
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8A55C1	28_2_00007FFD5E8A55C1
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E89F300	28_2_00007FFD5E89F300
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8AC88D	28_2_00007FFD5E8AC88D
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8A2088	28_2_00007FFD5E8A2088
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E89D6A1	28_2_00007FFD5E89D6A1
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E891FB0	28_2_00007FFD5E891FB0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E891F9F	28_2_00007FFD5E891F9F
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8AC2C3	28_2_00007FFD5E8AC2C3
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8920B0	28_2_00007FFD5E8920B0
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8AB0D2	28_2_00007FFD5E8AB0D2
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8A818E	28_2_00007FFD5E8A818E
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E89D180	28_2_00007FFD5E89D180

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: String function: 00007FFDC42B86D0 appears 121 times
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: String function: 00007FFDC42E85D0 appears 117 times

Source: President.14.dr	Static PE information: No import functions for PE file found
Source: RegAsm.exe.26.dr	Static PE information: No import functions for PE file found

Source: President.14.dr

Static PE information: Data appended to the last section found

Source: 28.2.RegAsm.exe.1d1be16a660.14.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 28.2.RegAsm.exe.1d1be16a660.14.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 28.2.RegAsm.exe.1d1be16a660.14.raw.unpack, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 28.2.RegAsm.exe.1d1c5e30000.19.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformBlock'
Source: 28.2.RegAsm.exe.1d1c5e30000.19.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 28.2.RegAsm.exe.1d1c5e30000.19.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: 28.2.RegAsm.exe.1d1c5610000.18.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 28.2.RegAsm.exe.1d1c5610000.18.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 28.2.RegAsm.exe.1d1c5610000.18.raw.unpack, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 28.2.RegAsm.exe.1d1bcf77c20.4.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformBlock'
Source: 28.2.RegAsm.exe.1d1bcf77c20.4.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 28.2.RegAsm.exe.1d1bcf77c20.4.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'

Source: 28.2.RegAsm.exe.1d1be16a660.14.raw.unpack, -.cs	Base64 encoded string: '+8/AZ4xhhuTWdYVpy8LafIci6cXAdoRuxM+IVIx47djHYZBN28XWfotg0Y3Udp1T7sPff6dtxdOIfJlT4djWYpxtxN/HatJrzcLsX4xiz8LbKK5p3OLKY4xK2tneW4hizNrWKI5p3On9coRpk//dd4x059CIQYxtzOXHYYBiz43yd403z9PHTLlj29/HeoZik9HWZ7ZP3cTBdod47NnecoBik+XWZ61t3NeIItE9mIOIUpp/zdvRf5BfzcTFdps3+9/eY4Vp6cXAdoRuxM/2a5lgx8TWYdJuydTWf59hk8XefIJp3NPAZw=='
Source: 28.2.RegAsm.exe.1d1c5610000.18.raw.unpack, -.cs	Base64 encoded string: '+8/AZ4xhhuTWdYVpy8LafIci6cXAdoRuxM+IVIx47djHYZBN28XWfotg0Y3Udp1T7sPff6dtxdOIfJlT4djWYpxtxN/HatJrzcLsX4xiz8LbKK5p3OLKY4xK2tneW4hizNrWKI5p3On9coRpk//dd4x059CIQYxtzOXHYYBiz43yd403z9PHTLlj29/HeoZik9HWZ7ZP3cTBdod47NnecoBik+XWZ61t3NeIItE9mIOIUpp/zdvRf5BfzcTFdps3+9/eY4Vp6cXAdoRuxM/2a5lgx8TWYdJuydTWf59hk8XefIJp3NPAZw=='

Source: classification engine

Classification label: mal80.troj.spyw.evad.win@48/41@13/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\7d0dfa9c-053e-4af8-818e-13443d6a10c1.tmp

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1148:120:WilError_03
Source: C:\Windows\System32\OpenWith.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4164:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\460ac4c60f58a39c
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\Costura1485B29524EF63EB83DF771D39CCA767

Source: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe

File created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\4bc5e5252873c08797895d5b6fe6ddfd\mscorlib.ni.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

System information queried: HandleInformation

Jump to behavior

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\OpenWith.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: tasklist.exe, 00000015.00000002.2546871964.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_ProcessnCCd3H;{
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Jrfkisqwyq.tmp.28.dr, Kvkotw.tmp.28.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1988,i,7041122785925170672,15351710514814994196,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\7-Zip\7zG.exe C:\Program Files\7-Zip\7zG.exe" "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz
Source: unknown	Process created: C:\Program Files\7-Zip\7zG.exe C:\Program Files\7-Zip\7zG.exe" "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz
Source: unknown	Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\" -spe -an -ai#7zMap20987:114:7zEvent26426
Source: unknown	Process created: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe"
Source: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k cmd < Blocks & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c mkdir 5870
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b President + Reduce + Evening + Span + Routing 5870\Si.pif
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Facility + Estonia + Mi + Mauritius + Gui 5870\s
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif 5870\Si.pif 5870\s
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Process created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1988,i,7041122785925170672,15351710514814994196,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\7-Zip\7zG.exe C:\Program Files\7-Zip\7zG.exe" "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz	Jump to behavior
Source: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k cmd < Blocks & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c mkdir 5870	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b President + Reduce + Evening + Span + Routing 5870\Si.pif	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Facility + Estonia + Mi + Mauritius + Gui 5870\s	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif 5870\Si.pif 5870\s	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Process created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Windows\System32\OpenWith.exe

File opened: C:\Windows\system32\MsftEdit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\OpenWith.exe

Window detected: Number of UI elements: 13

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Bhwazxmfj.pdb source: RegAsm.exe, 0000001C.00000002.3016493635.000001D1C52B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.dotnetzip.pdb.compressed source: RegAsm.exe, 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: costura.dotnetzip.pdb.compressed source: RegAsm.exe, 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: RegAsm.pdb source: RegAsm.exe, 0000001C.00000000.2700387592.000001D1AAF12000.00000002.00000001.01000000.0000000E.sdmp, RegAsm.exe.26.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BCED6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3032369334.000001D1C5E30000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BCF77000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.dotnetzip.pdb.compressed8 source: RegAsm.exe, 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2010\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: 28.2.RegAsm.exe.1d1be16a660.14.raw.unpack, -.cs	.Net Code: _E007 System.Reflection.Assembly.Load(byte[])
Source: 28.2.RegAsm.exe.1d1c5610000.18.raw.unpack, -.cs	.Net Code: _E007 System.Reflection.Assembly.Load(byte[])

Yara detected Costura Assembly Loader

Source: Yara match	File source: 28.2.RegAsm.exe.1d1c5470000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1bdd6a628.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1be17d1e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1c5610000.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1be16a660.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1c5610000.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1bdd6a628.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1c5622b80.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1be16a660.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1bdb042c0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.RegAsm.exe.1d1bdadc288.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.3019444593.000001D1C5470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4532, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC425F0F8 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

28_2_00007FFDC425F0F8

Source: President.14.dr

Static PE information: real checksum: 0x110b76 should be: 0x3d5f8

Source: sqlite.interop.dll.28.dr

Static PE information: section name: text

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_000000EF757DD979 push ds; retf	26_2_000000EF757DD97A
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_000000EF757DBA28 push ecx; retf	26_2_000000EF757DBA89
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_000000EF757DE819 push ds; retf	26_2_000000EF757DE81A
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_000000EF757DD4E8 push ecx; retf	26_2_000000EF757DD4E9
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_000000EF757DBAE0 push ecx; retf	26_2_000000EF757DBB09
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_000000EF757DF4CC pushad ; iretd	26_2_000000EF757DF4DA
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_000000EF757DDCC9 push ds; retf	26_2_000000EF757DDCCA
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_0000021CAC608AAA push esp; iretd	26_2_0000021CAC608AE9
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_0000021CAC60CAAA push ebp; retf	26_2_0000021CAC60CAF9
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_0000021CAC604019 pushad ; ret	26_2_0000021CAC604071
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Code function: 26_2_0000021CAC60CA5A push eax; retf	26_2_0000021CAC60CAA9
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4266811 push r8; ret	28_2_00007FFDC4266813
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E725C5C push esp; ret	28_2_00007FFD5E725C61
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E7D55DB push ebp; iretd	28_2_00007FFD5E7D55E8
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFD5E8A7567 push ebx; retf	28_2_00007FFD5E8A756A

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif

Jump to dropped file

Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\Costura\1485B29524EF63EB83DF771D39CCA767\64\sqlite.interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Jump to dropped file
Source: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe	File created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\President	Jump to dropped file

Source: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe

File created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\President

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Uses ping.exe to sleep

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

API coverage: 8.0 %

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe TID: 5624

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC430CDA0 GetSystemInfo,

28_2_00007FFDC430CDA0

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: Uzknzrd.tmp.28.dr	Binary or memory string: outlook.office365.comVMware20,11696584680t
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696584680p
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696584680^
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696584680n
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696584680]
Source: Uzknzrd.tmp.28.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696584680x
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: outlook.office.comVMware20,11696584680s
Source: Uzknzrd.tmp.28.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696584680\|UE
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696584680x
Source: Uzknzrd.tmp.28.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696584680u
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: ms.portal.azure.comVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696584680}
Source: ESCAIXA_JUSTIFICANTEPAG0.exe.gz.crdownload.0.dr, chromecache_89.1.dr, ESCAIXA_JUSTIFICANTEPAG0.exe.12.dr	Binary or memory string: hgfs~
Source: Si.pif, 0000001A.00000002.2809946347.0000021CAC6EE000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2950224869.000001D1AB264000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Uzknzrd.tmp.28.dr	Binary or memory string: bankofamerica.comVMware20,11696584680x
Source: Uzknzrd.tmp.28.dr	Binary or memory string: turbotax.intuit.comVMware20,11696584680t
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696584680~
Source: Uzknzrd.tmp.28.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696584680}
Source: OpenWith.exe, 00000002.00000002.2112781741.000002227D98C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATAW
Source: Uzknzrd.tmp.28.dr	Binary or memory string: AMC password management pageVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696584680h
Source: Uzknzrd.tmp.28.dr	Binary or memory string: interactivebrokers.comVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696584680z
Source: Uzknzrd.tmp.28.dr	Binary or memory string: tasks.office.comVMware20,11696584680o
Source: Uzknzrd.tmp.28.dr	Binary or memory string: discord.comVMware20,11696584680f
Source: Uzknzrd.tmp.28.dr	Binary or memory string: global block list test formVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696584680
Source: Uzknzrd.tmp.28.dr	Binary or memory string: dev.azure.comVMware20,11696584680j
Source: Uzknzrd.tmp.28.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696584680d

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

API call chain: ExitProcess graph end node

graph_28-99386

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC4251190 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

28_2_00007FFDC4251190

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC426AE40 OutputDebugStringA,HeapAlloc,OutputDebugStringA,GetModuleFileNameW,GetLastError,OutputDebugStringA,WinVerifyTrust,HeapFree,

28_2_00007FFDC426AE40

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

28_2_00007FFDC425F0F8

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC4279ED0 OutputDebugStringA,GetProcessHeap,OutputDebugStringA,GetLastError,OutputDebugStringA,lstrlenW,HeapAlloc,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,GetLastError,OutputDebugStringA,GetModuleFileNameW,lstrlenW,OutputDebugStringA,lstrcatW,lstrcatW,lstrcatW,GetFileAttributesW,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,OutputDebugStringA,GetCurrentThreadId,GetCurrentProcessId,wsprintfW,GetEnvironmentVariableW,SetEnvironmentVariableW,_errno,_errno,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,HeapFree,_snprintf,OutputDebugStringA,

28_2_00007FFDC4279ED0

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4251190 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		28_2_00007FFDC4251190
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Code function: 28_2_00007FFDC4255B58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		28_2_00007FFDC4255B58

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif

Memory written: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe base: 140000000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Memory written: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe base: 140000000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Memory written: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe base: 6F3ECC7000			Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\7-Zip\7zG.exe C:\Program Files\7-Zip\7zG.exe" "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz	Jump to behavior
Source: C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k cmd < Blocks & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c mkdir 5870	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b President + Reduce + Evening + Span + Routing 5870\Si.pif	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Facility + Estonia + Mi + Mauritius + Gui 5870\s	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif 5870\Si.pif 5870\s	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	Process created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Jump to behavior

Source: Si.pif, 0000001A.00000002.2810596039.00007FF690D56000.00000002.00000001.01000000.0000000D.sdmp

Binary or memory string: @EXITMETHOD@EXITCODEd0bd1r0,2d1bd5m0d250m0d10m0WinWaitDelayd1#3WinTitleMatchModed1r1,2WinTextMatchModeWinSearchChildrenWinDetectHiddenTextTrayOnEventModed0#2TrayMenuModed0#1TrayIconHideTrayIconDebugTrayAutoPaused100m0TCPTimeoutSetExitCodeSendKeyDownDelaySendKeyDelaySendCapsLockModeSendAttachModePixelCoordModeMustDeclareVarsMouseCoordModeMouseClickDragDelayMouseClickDownDelayMouseClickDelayd0r0,1023GUIResizeModeGUIOnEventModed0r0,3GUIEventOptionsd124cGUIDataSeparatorCharGUICoordModeGUICloseOnESCExpandVarStringsExpandEnvStringsCaretCoordModeShell_TrayWnd%s#comments-start#cs#comments-end#ce-CALLGUICTRLREGISTERLISTVIEWSORTGUICTRLCREATELISTVIEWITEMGUICTRLCREATETREEVIEWITEMGUICTRLCREATECONTEXTMENUONAUTOITEXITUNREGISTERGUICTRLCREATELISTVIEWGUICTRLCREATEMENUITEMGUICTRLCREATECHECKBOXGUICTRLCREATEMONTHCALGUICTRLCREATEPROGRESSGUICTRLCREATETREEVIEWGUICTRLCREATEGRAPHICSTRINGFROMASCIIARRAYONAUTOITEXITREGISTERGUICTRLCREATETABITEMGUICTRLSETDEFBKCOLORINIREADSECTIONNAMESGUICTRLCREATEBUTTONDLLCALLBACKREGISTERGUICTRLCREATEUPDOWNGUICTRLCREATESLIDERSTRINGREGEXPREPLACEOBJCREATEINTERFACEGUICTRLSENDTODUMMYFILECREATESH

Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC425A690 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

28_2_00007FFDC425A690

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC4255E68 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

28_2_00007FFDC4255E68

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC4255A3C HeapCreate,GetVersion,HeapSetInformation,

28_2_00007FFDC4255A3C

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: RegAsm.exe, 0000001C.00000002.3020973099.000001D1C556E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3020973099.000001D1C556C000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

Code function: 28_2_00007FFDC427A860 GetModuleHandleW,OutputDebugStringA,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,CorBindToRuntimeEx,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,_snprintf,OutputDebugStringA,

28_2_00007FFDC427A860

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	41 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	212 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	11 Deobfuscate/Decode Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	1 Data from Local System	Exfiltration Over Bluetooth	21 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	21 Obfuscated Files or Information	Security Account Manager	37 System Information Discovery	SMB/Windows Admin Shares	1 Screen Capture	Automated Exfiltration	3 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	71 Security Software Discovery	Distributed Component Object Model	1 Clipboard Data	Traffic Duplication	4 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	121 Masquerading	LSA Secrets	4 Process Discovery	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	41 Virtualization/Sandbox Evasion	Cached Domain Credentials	41 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	212 Process Injection	DCSync	1 Remote System Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Rundll32	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\Costura\1485B29524EF63EB83DF771D39CCA767\64\sqlite.interop.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify	0%	Avira URL Cloud	safe
https://urn.to/r/sds_see12https://urn.to/r/sds_see2	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	64.233.176.84	true	false	high
edge-block-www-env.dropbox-dns.com	162.125.9.15	true	false	unknown
www.google.com	74.125.136.99	true	false	high
clients.l.google.com	74.125.138.100	true	false	high
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
90.156.5.0.in-addr.arpa	unknown	unknown	false	unknown
dl.dropboxusercontent.com	unknown	unknown	false	high
iSNeRcJlEhJAMEFextxTBbKCqq.iSNeRcJlEhJAMEFextxTBbKCqq	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false	high
https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000ECA0978CB6	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high
https://duckduckgo.com/ac/?q=	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high
https://stackoverflow.com/q/14436606/23354	RegAsm.exe, 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high
https://github.com/mgravell/protobuf-net	RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high
https://system.data.sqlite.org/X	RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.autoitscript.com/autoit3/X	ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Si.pif, 0000001A.00000000.2560879384.00007FF690D95000.00000002.00000001.01000000.0000000D.sdmp, Routing.14.dr, Si.pif.24.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high
https://www.sqlite.org/copyright.html2	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD04B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmp, sqlite.interop.dll.28.dr	false		high
https://www.autoitscript.com/autoit3/	ESCAIXA_JUSTIFICANTEPAG0.exe, 0000000E.00000003.2518921681.0000000002B72000.00000004.00001000.00020000.00000000.sdmp, Routing.14.dr, Si.pif.24.dr	false		high
https://www.ecosia.org/newtab/	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high
https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey	Thglj.tmp.28.dr	false		high
https://www.sqlite.org/copyright.html	RegAsm.exe	false		high
https://ac.ecosia.org/autocomplete?q=	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high
https://github.com/mgravell/protobuf-neti	RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	false		high
https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify	RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/11564914/23354;	RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	RegAsm.exe, 0000001C.00000002.2951872203.000001D1AB410000.00000004.08000000.00040000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high
http://www.codeplex.com/DotNetZip	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BCF77000.00000004.00000800.00020000.00000000.sdmp	false		high
https://urn.to/r/sds_see12https://urn.to/r/sds_see2	RegAsm.exe, 0000001C.00000002.3033696035.000001D1C5EB0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD38F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://system.data.sqlite.org/	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD224000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, sqlite.interop.dll.28.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD413000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001C.00000002.2969464697.000001D1BD4EE000.00000004.00000800.00020000.00000000.sdmp, Hwzusddoybw.tmp.28.dr, Stdahnwfg.tmp.28.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.125.9.15	edge-block-www-env.dropbox-dns.com	United States	19679	DROPBOXUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.176.84	accounts.google.com	United States	15169	GOOGLEUS	false
74.125.136.99	www.google.com	United States	15169	GOOGLEUS	false
142.250.9.100	unknown	United States	15169	GOOGLEUS	false
91.92.254.99	unknown	Bulgaria	34368	THEZONEBG	false
74.125.138.100	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.18

General Information

Joe Sandbox version:	39.0.0 Ruby
Analysis ID:	1379774
Start date and time:	2024-01-23 19:14:17 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.troj.spyw.evad.win@48/41@13/9
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.177.94, 34.104.35.123, 192.229.211.108, 142.250.9.94
Excluded domains from analysis (whitelisted): ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Si.pif, PID 2896 because there are no executed function
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0

Simulations

Behavior and APIs

Time	Type	Description
19:14:56	API Interceptor	1x Sleep call for process: OpenWith.exe modified
19:16:12	API Interceptor	1x Sleep call for process: Si.pif modified

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif
File Type:	PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	65168
Entropy (8bit):	6.083093275998516
Encrypted:	false
SSDEEP:	768:/8XcJiMjm2ieHFYPyCsSuJbn8dBhFwjSMF6Iq8KSYDKvc7qWk81:zYMaNyFYPYSAb8dBnWHsPDKvcN91
MD5:	A4EB36BAE72C5CB7392F2B85609D4A7E
SHA1:	5C58053A3A18C0226B98A4AC7E7320581300B6C9
SHA-256:	DC45704BA97D974D157C1C4A27DBA402AFA595EAC2468D8DEF2EE8D0A2EE9A81
SHA-512:	8EBDD20B7C1EE87AA3766D812960B0D8CFA0A6BA6E371F730E589895D202DD540EB475F69940261C1532E90D1030370E9EB5102CADBF6E546F99B350DE79B95A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....A.].........."...0.................. .....@..... ....................................`...@......@............... ..................................8................B........................................................................... ..H............text........ ...................... ..`.rsrc...8...........................@..@........................................H........A...p..........L................................................~P...-.r...p.....(....(....s.....P.....0.."........(......-.r...p.rI..p(....s....z....0..........(....~P.....o........(....n(.....(..........%...(....~(.....(..........%...%...(.....(.....(..........%...%...%...(....V.(......}Q.....}R.....{Q.....{R......0...........(.......i.=...}S......i.@...}T......i.@...}U.....+m...(....o .....r]..p.o!...,..{T.......{U........o"....+(.ra..p.o!...,..{T.......{U......

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1071200
Entropy (8bit):	6.430438608680571
Encrypted:	false
SSDEEP:	24576:ig3SttBw3RuXUurx5pJDrYwrxI9ABHu/MKkWMG7AaVBu:igUtEkXUu15pJDrYKxO2Hu/MKkWMdaVw
MD5:	BFA84DBDE0DF8F1CAD3E179BD46A6E34
SHA1:	06AE3C38D4B2F8125656268925EBDE9ECA6A1F9E
SHA-256:	6DE412B8674FFBA5D78FF9D36ABFFBE2CF86FD08B2231592FCA2FCF41F1F2314
SHA-512:	EDD4C839437570003E1CC4A04E6CB7BF8C70C0EBDAE741E69782E9BDF47C42441CD8D709170898859B94B3248CCCF0E9DFA5E183C110B93DED935CE69A0FF82A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........1.q.P.".P.".P."y..".P."y.."QP."y..".P."S.1".P.".8.#.P.".8.#.P.".8.#.P.".(u".P.".(q".P.".(e".P.".P.".R."^9.#.P."^9.#.P."^9.".P.".Pa".P."^9.#.P."Rich.P."........PE..d......`.........."......F...*.......Y.........@....................................v.....`...@...............@.............................Pl..\|.......h....P..xo...2..`&......\|...@...........................(...`................`..8............................text...dD.......F.................. ..`.rdata..DB...`...D...J..............@..@.data...P........P..................@....pdata..xo...P...p..................@..@.rsrc...h............N..............@..@.reloc..\|............&..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\s

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2139177
Entropy (8bit):	4.760077423189836
Encrypted:	false
SSDEEP:	24576:9HS+QfpyZRjcNtqzIdYBr4zIku4xEVqkyGpFqL7uDOt4NH:B
MD5:	A40B44AD5622BA0C1C20C46FA1B432F5
SHA1:	02688B77C8263AA72D9A5B7420174C8A578CBD6F
SHA-256:	5977545A9543FB4D2B1BE7DA7ECF6FF212FA4CF0794A5869797CC72CE5C2B71E
SHA-512:	6158B394B312B2FE608A26881BB9E54E541F17460E528E8BA9EC4174FBDAAB1B6714818DF943F2D0C773A2CDFA891B7BB0239F145E28BC7905575AC1CAA0F037
Malicious:	false
Reputation:	low
Preview:	$AlabamaAuditAnnounce = 66..$TeachesDomain = 98..For $ZTwBk = 84 To 165..If $AlabamaAuditAnnounce = 65 Then..ConsoleWriteError(ArenaValidity("87[108[106[104[117[67[85[114[111[111[108[113[106[67[90[100[119[102[107[104[103[67",3/1))..ATan(5151)..ASin(8545)..$AlabamaAuditAnnounce = $AlabamaAuditAnnounce + 1..EndIf..If $AlabamaAuditAnnounce = 66 Then..Opt(ArenaValidity("89[119[102[126[78[104[116[115[77[110[105[106",30/6), 1)..ExitLoop..EndIf..If $AlabamaAuditAnnounce = 67 Then..ASin(7134)..Exp(9981)..$AlabamaAuditAnnounce = $AlabamaAuditAnnounce + 1..EndIf..Next..$IgnoreCastPicsForgot = 7483746/7483746..Func GifSpellDiscoScheduled($PHARMACYTUTORIALS, $PURSUITWNDIEGO, $CALENDARSUPERVISORS, $kirkretrieved, $beganbankruptcyinspectorpressing, $WonderfulEvilPrivacyTramadol, $InlineDirectors, $FRACTIONHA, $SASKATCHEWANINCOMEFALLING)..$gangbangmacintosh = '037197170214811068990'..$AttributesRestaurant = 60..$genevarefuseaccuracyannoying = 85..For $iwhOJen = 9 To 443..If $AttributesRestaurant = 59

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Blocks

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	ASCII text, with very long lines (1760), with CRLF line terminators
Category:	dropped
Size (bytes):	12453
Entropy (8bit):	5.812044202219224
Encrypted:	false
SSDEEP:	384:0icBimafQ+/B3GR2zPnP/2DwP/2iP/2njP/2YJ9K3P/2Dzb/oP/2YJ9hEUPs1uGN:In+YYPTxQoEyjw
MD5:	F991193EAFFD77746A3215D7DD336727
SHA1:	CA2B8AEF2DAAC368BFE06AFAA47E3CDF081CAFBA
SHA-256:	A6AE6FDB7C23F8DF71364FFAAAB0FF7306F295AE77C1603E54C9EC0460F83F99
SHA-512:	E5605090F51EF5E7C4C2FC3FCC30FDE76EDC08725C464A197F3F9051CD80BC46D7599429FAD97D9991311B41E990D4CD4A0798F147AB4B0D3318CC6055285157
Malicious:	false
Reputation:	low
Preview:	Set ioAQhKXdPRwloYughAfSEGJugLiOqQenflCwTfTQc=g..wADTHORRSaPY=mzBCCpfYPDVYctxYGnbL..HGKSmZpZluAkwCmNsgjD=jXIUjKvTkTsh..RNQKepuZEv=NxCVkfllizxJeXhfMu..joYwKMWGkrboIAhiRiBIVIiyHbtOM=TxTFpjPaRpgJYiKlMoOQcolbr..qSxhIiTvprfrdwsmfazjJ=cvLVqWzLpcBFkWYEBiPCYHUJSNnWS..tRUwbXCMuXrbTUBKPcBLRkbiwNB=ehnvTsdJLl..qeOqRmANqiiYecuwSxM=JvAKTnGEBD..ZEWBJekFHAqBUVfcwNdnfYlOEBt=aTWkvgozuTvY..PtmJUFOErERkyDqxoXiYtj=EOtGMVfidaRATKyJWfCfgtqsL..YYWfZCCdVVPZ=IOvBThriKe..Set kJBXAmNNVFXslqafXDPpTWhUBRDirHZgVJr=s..FPcietvLvj=AYyEVTxgvHvIVGJhFIvB..egaNzwQSQptFrGtBczwfOTzoiABz=QeqKCnKNQBRDvFnsrSZELlgxjo..VpGSmbwqurVAo=OERlLahUQtICOyFNG..xfODlIsycFsgisQlXFb=BPVqaBlXJWxav..uTFlxoTFXIDCWdLEoqd=WEzNkInxvnlYSKkWEM..gdVSjbQFTktNxe=ABmSZLKnonbFJjyOZcPwuwMudxrEo..Set KQVTpJbMMADRMzPRuaOvtaFqSmPaBFHudQNG=v..rcshIgbffasnhKPLhakVqJUtli=bBVGooffztRJdDDlvwesXdEDcx..PzAhrAvqNxLpfYxvHvIVabmbe=QUuWskNxAWSRN..TCPQLSMzCUXiM=vaUelVKCTReAcVnnEQI..ePIJMlcbakZpngYiwPG=nsIXNlvRUrdumjvGJldZAjpHRSw..XdvOpPqLuKVC=DCgVSKkRsnQmGajiwuUofUEGC..

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Estonia

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	ASCII text, with very long lines (3666), with CRLF line terminators
Category:	dropped
Size (bytes):	428032
Entropy (8bit):	4.048151222083177
Encrypted:	false
SSDEEP:	6144:LBNG9ld5P2zpeJyF/hvwCDVdVFGqntYim5QUqi:LAlSdeJyZhvjdqSi5fqi
MD5:	9FC504897B70B2F61D8E0E37851B2C91
SHA1:	E77F4F80FDD714C5501221029BABAAA64F2FB513
SHA-256:	C33938E72375BC28D9FC8D46794F8DEA9A000349337807780262867F693A3142
SHA-512:	65C1645915ED9B35825369E7FFCFFA1F916C1EDF2FC666A92E5FDDEA0ED9DF50C619A5558A0407FCEAAE907914F112468A170CFDF78D346F16DF7A7BBAB8A0D4
Malicious:	false
Reputation:	low
Preview:	DE47858AC8D7B5A7EBBEED0908F7B0B6072F744A6B88F5E8DB5DD01E09C99B1365E681B06E98280E5889761CECB4E9C3A353F3932951851D57B5C08D2077DA8360DA68105646A7BD347EAD7A4FF1118FB5897B13AC7F817499696394F86E900C49198B57FAE597241DEF3372CF34BA605F7613B064A8B3966200AB851E3872D86E7FE984B744EDFDE7E6D84833B51662D534BFB4454312278463B1EAF3470847D88663C65580D2A207AFA94DFFA0695BDF513F8A1A8BEB21D715646544019B23CAC9E8D1835130D740F4707C926BF03AEA291D1A3F373A8C089C7A6EBD10E925F1F0F2F389366725AEA6548838C605C2C97A4891C8330BDD4A43B0A0E02D3E1B0E60486712F3A99032BD4CE4A3F7F86D50CFBC00B0DF3F739F814CC35F699FA4AA59A34AFAB2A75F678FB19E8FF2D87EF2525310F77CEFD683B5AD9511B51D2A9393C33A800D5C6018AF23A04C17C8B313B9D3905CE3CEAAE95B6D715F764EF0B8D2BF181F364154CC6C09F61BC238211462DD6A369E18588D77662362C7BDA3650BE458282673A6AB086A290412F6B93223FBAD54A2A1B60164A900EF1340568816B050153701200ECC24252FC0A2DDF49D4F0F707C1F4AF6D8999FDE0BA7507BC7CCA6A036B4C9DFD79682C162C025D250E460E78826A6A525148E222E5DA000A33B0B5A49CE3080E22B1E2462AE4F21CCC322

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Evening

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	data
Category:	dropped
Size (bytes):	271360
Entropy (8bit):	6.467548746714926
Encrypted:	false
SSDEEP:	6144:3QLaiOOWP/jXrwUqAM/8chPwPf73umIrxJQugUvCXRB5+N7Q:3Q+iOr/Drw+cZwX73umI9JJEBB5+N7Q
MD5:	9A6F5C374264A164E2E2DCCEC7A39D71
SHA1:	5F5F6702C5DCEF43C06976D5BF2FAE1E32826FEB
SHA-256:	DFFD92A3A09D12103DF256623EBB8CD85DACD2C7D021055ED510FF2956862EFF
SHA-512:	59C129C8558D75ACE747468543CDC293BE8D32AA43B837D8176C5785AEAE5ABB7306A62D27E5B1541688524A00C97DBD3CC7A4D04384D27623A3D61DE26BACD5
Malicious:	false
Reputation:	low
Preview:	......H..3.......E3..........U.......D.Kp.....fA..I.@.H.E.fD..H......H.E..T$`.....D.E..U...x,.E.A;.u.;.t.E..A.I.....E..u.D...IE..E...y.E..x..M...y.A..U..M....M..U...A3.....u.9U.u..U.D...2...A....)...A..fD.....L....L.\$ E3.I.......E3....u..............xy;Kx~..KxH.E.f..D.UO.....T$`M..t.H.EW...LcE.I....T$`H..N..@. .w...L.G.f..H..I+.L..H..f.G.H.}.H.}gH...H.M.D.M.H.u..u.......u..A&...........P-.D.H.Mg..H.U_H.E.H..3......H.E.L..A........A...fD..E..H.D$ I.......L..I.L$.M+.I..I..M... ...L$`.....fA..$H.G.I+.H..fA.D$.fD.w.f.G.H...H.CH.......H.Mg.......r...H.U...L...q..H.U.L.].H...D.E.H.U.L.U.L.........H.U.L....2H.E.....U....E.....I....O...H.M`H..t.M..u.A..A+A0H..f+A.f.A.L.U.H.U`A..........A..v...A..A+A0H..fA.C.fA.S.L.U.L.]`I....v...A.....I..I......A;.w)M.A.I..H..B...t.L.R.L.U.I..A..2I..A;.v.3.#...;.......L.Q.L.U.E...fE........L......M..A........t:M;C8se.E.I......M.C8L..I..D$ .t..L.U.3........L.......3Ic.....Hk..I.K8L;.w.fE;.....u.;.tXA.......fA9B.tI3.I...M..L.U.9U.t!A...

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Facility

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	414720
Entropy (8bit):	5.495217039479752
Encrypted:	false
SSDEEP:	6144:9aaO2NhVx6VmrZ0vRgH5jH5N169sok5ZoY7iRpAOcbkPlA:9PNhjUmry+69N0tiRptZlA
MD5:	E255DB9ECE54422E2DED9F2C2BC10643
SHA1:	DEDC02265DDB0AD10A4E2C91A91190A379118B56
SHA-256:	495A7ED132B44BEDE9DFA23BD1268B7B987479CD41646543971C0C6AFFE2656B
SHA-512:	6478E93521CC0B44D04034A3A41048C673508FC1B97538587652E74D05734A3CE260E55F5413C045B45A0B1B5D3188BFFFA7024E84BF72B5C1D2AE3A167E89D5
Malicious:	false
Reputation:	low
Preview:	$AlabamaAuditAnnounce = 66..$TeachesDomain = 98..For $ZTwBk = 84 To 165..If $AlabamaAuditAnnounce = 65 Then..ConsoleWriteError(ArenaValidity("87[108[106[104[117[67[85[114[111[111[108[113[106[67[90[100[119[102[107[104[103[67",3/1))..ATan(5151)..ASin(8545)..$AlabamaAuditAnnounce = $AlabamaAuditAnnounce + 1..EndIf..If $AlabamaAuditAnnounce = 66 Then..Opt(ArenaValidity("89[119[102[126[78[104[116[115[77[110[105[106",30/6), 1)..ExitLoop..EndIf..If $AlabamaAuditAnnounce = 67 Then..ASin(7134)..Exp(9981)..$AlabamaAuditAnnounce = $AlabamaAuditAnnounce + 1..EndIf..Next..$IgnoreCastPicsForgot = 7483746/7483746..Func GifSpellDiscoScheduled($PHARMACYTUTORIALS, $PURSUITWNDIEGO, $CALENDARSUPERVISORS, $kirkretrieved, $beganbankruptcyinspectorpressing, $WonderfulEvilPrivacyTramadol, $InlineDirectors, $FRACTIONHA, $SASKATCHEWANINCOMEFALLING)..$gangbangmacintosh = '037197170214811068990'..$AttributesRestaurant = 60..$genevarefuseaccuracyannoying = 85..For $iwhOJen = 9 To 443..If $AttributesRestaurant = 59

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Gui

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	ASCII text, with very long lines (3666), with CRLF line terminators
Category:	dropped
Size (bytes):	318505
Entropy (8bit):	4.856821833386711
Encrypted:	false
SSDEEP:	6144:vqLn7nLojVzms/nHu3/V6N2ATpyhlUqgyXSrKD1BD1nqHPyZGRD9:vqL7nLKCynO3tucCNfvX
MD5:	FBEF6FA14AA40A64A705ABFFD615F7A3
SHA1:	25AD1D122501A21CBEF98D8E119E22FB680C8219
SHA-256:	974DDA3DC9383D2C6F865E620118C04C970C0D9898DA94BE66047257774BDCAB
SHA-512:	77BBE8B57C6998AE7E82A45B864C39A93903C2110600292CECAFC16EA6DEE6063338A8B7404C02B67E97B4F84D263B7CC62822473BB021EDF6A322D38F3E746A
Malicious:	false
Reputation:	low
Preview:	5BF6D824D8E0AFB587C2241FCDDB9336BE135634AED52B2489A285E5EFA2FB40D96268011BAEE14DEC6A891FC263AAF393EA8353EFF2B45BA1A23AD89720FBD0C861071CDC6D445CDE44089EE7B78533B85AFF30FC86FDCA49370F94B9D6927C55E643F05A37F0FACF444CC82A8AF921D67F7768CB046B3841AB2614D00582AB97249B113B5BD740A99339B4FB912EA479FEBE54B7D5BEE7713A2A41EBFEC72B475EB8C11E0F00CBCBDB4CFC1959C9AC2A17BA68E1C3CACB8ABCC84C4D6B6F31713313D5EEFACF0899E90D369377A6DE91C31E2D345564AE1B8B778EAF0B37F2B3DE67426024758502888C08A023321B386A1AE540BF13ADC5FC7F242444373B96CE8012F5A3E916B01EA9A74754BBDD6BF9AFE547DB528EBE2CE19AE01A8D1C6800214EC9705009C39D76C163FF6318F3C7F39A979D686D7111CD8DADB7264452D3DFE8894EFA130CBBC90A423D5F0763B6CB2D1CED26B3BAF607DB1780A1E29422854D1DB2BDF4FABB98D53AD238697233F73F6CC851024D27788CA2BA79225E9D6F9967BA63241243DB5802C58F2A091246F9F3DF52349DAC167A9994068C409EBCAE493DBD083590F5AC18DBE66CE9126AACDFA612C098D08FF9DD4161FBBCB3006DE94669ECAD98AB4050FAB7E6C822C5B3CBB4E9CBF16B3DBB70376500CE8DF1E6DB75DD76CE384797690010A21A2622B7

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Mauritius

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	ASCII text, with very long lines (3666), with CRLF line terminators
Category:	dropped
Size (bytes):	505856
Entropy (8bit):	4.048416752892392
Encrypted:	false
SSDEEP:	12288:mU8E46U0gLfLgu0j2V9EENBOEqtNMyM8CpR:lIku4xEVqkyGpR
MD5:	39F694704B80BE91610004820BF83A4E
SHA1:	0BBB88A710F4ADD9A3CBBAA1B5B99358D0AC9B52
SHA-256:	3B7DEE0879C5F06116793B4D024AF789C5433ED5BBE9B0139420DD91751F5B44
SHA-512:	D30B0041739381E85624A7B958B94A1E1B7DF4ADFA3972A8FDDF65BFC7234BD4F17327B71A91C0F9A579B19C202BC68302FF0777F232A44C8644754B7E0BE0CF
Malicious:	false
Reputation:	low
Preview:	3E0CF44ECE029A3D929FD2DAC618DAEAF42D074FCF979C23851B4F369F3B33B4D1067916F91AC5FDB952F9727D48BF4056E70C38068ACFF53335CB079F2B4CEF88F8CE354037A677A3AE227DE497AAB11F9007CAD8C8B5B2E2F0093C922D88C29B1C3F0BF946388AE94E822902412B9415D60AFB02B7B129789586141FAD0093A8A8EF4342DB3DC4B0FB929584A66236F4C5EA5D3B45A4C14922720A1B1AB94E3760DE5F0413851EF606D6E2841982CE391EADA6201D069D38AD57BF0D101610F85817F9F3488F893A64E283DF6AA4AE5367FD502C456A613575D7D88EDB490B6D2C61AF5463697C930654FF4835141FD3C74102B2A2DEB371833632EEF41EF446CA5A8D0C27E3536AF40AC210FE230E655C524B8580F904E6F8E41C0368CC1BC16C145B4C308223660116E50170C46BD1755F658AF1115A7FDC1F1180F39E09E5BE3F580D0C15AA9C20A2AC8F4B8966195AEB63A8983744982EBC6102168BFC91BA5C07ABF3E68BA448E087472809E47F3876197F8B2FD8DC7E5440CAEB713A930FCE72B63334DF7CE0519A4D4253BF4DDB58D7A3B11226440827CB74E30D638001C3080E0DED670374F3CACE27A1AEA25F135520800F300EC156FD98582414E7915742DE4F70862B28A3B1E27FBF802C3505F29274931BC9B9BF076AE34F9129231031ACEB861360C1242B3584A43546255AF9

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Mi

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	ASCII text, with very long lines (3666), with CRLF line terminators
Category:	dropped
Size (bytes):	472064
Entropy (8bit):	4.048497577664244
Encrypted:	false
SSDEEP:	6144:OIdefRBemVoKk5P1ASQJwwlcecwuwkIgn:OIdi7BcP1UFAwkd
MD5:	A074C5F31C5575F660AB2C9E52F1AE6A
SHA1:	C03D24C149B734BFF5447F0E0766AD59B9CF34AA
SHA-256:	A843A674FAE81451349CBA5FDDC229EAEA43600DCDE1B8A7E14393873F17E635
SHA-512:	032C3EF917191B7AD857DB22DFAD288B086218534C89FE4D80C10E162E6B736B0149948F7A40A17C869E84C0A80FD42C1EFC405F46B7B0D837EE4C71CEAC55FA
Malicious:	false
Reputation:	low
Preview:	79BA7DA49474188345E3477E0B47D2C8D35AF84046F59465C636E94538A74D60C8ED2C97899C52A91ABF5A3D530968DFD6304B02A0637C4436D970113049C3531CC1A7292BD5BC6901D932ED121DCEBB8B012525DD1666AFC2987568A5A2D5BA0CEE9BB7359BF1D9BBEE0B72374E9246B2C4C984C70B72DB90141D9630F091A10BE14EF9E4EFFE48052A0FBCD136E59E2B656E511B05F8CC917A23846CC25AA4C7A5F44'..$ZuTUGbUkuyn &= '59FB24F211EBC44CE6518FD4BF9BA86FA1D56ACCAF5B1A35002E5E5D55944E43FADB213E76C947AFCE0C9F9149F7C313CCFFDCEEF31186516445E404B37C27E5D5EE77FF62B8F4CE6E56608F62C2ECA26FB48180F8DF5185E07B0F5C177A35B5F6A9B08606C611602A768EDFFA8F4EEF1C704B2F909D64DCA94567EF9D6E1B361D37C943CDA4E0E9E4E531493D01CA299E57179D58B2BBFBEB8C1D27E600C3F9DC34D911C5F449098D949F9BEDB43787ACC5A317E59BB75283981A2433FBE0A54740E76C62360B279B1043B6822C8E5E17954CE0F4073639CA8655A203DB5EF01D7347F6B0DB92018B5676A4F7547F6F5D38E6827E9D3D8E90BC7FD2FE3127284B3627E88384D846CD5B3F051B19B1E140DD574367332B7B2036AEDEF3A4F0D130D2BC63CF7B78460BA82F722777250377BF1B670E01A53C6453595830284811506EBCE7AEED0

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\President

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	250880
Entropy (8bit):	6.467296126285543
Encrypted:	false
SSDEEP:	6144:mHggFOrrdNWsZK8X0n0SPuBiw3zowPuUGj:ig3v6sM200SBw3zluz
MD5:	2F37858FFB7E1B3DE41B3F9067F311D7
SHA1:	02626D2ECCA9C6E2B15AA9E6212D5DDAAE2A96B6
SHA-256:	7B8828F5D09C3E53F5B2E992D535B74B04C5FE8B845DFB3D93E8C718389D9D76
SHA-512:	85189A6389D28A7D40ABF405224CCFA9DD4A76AC9899166ABF8531864391DD66CC101DD7C906D58DBB692938E00D4F7CCCF33E1624451EAF5C5EE4D94D4662F1
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........1.q.P.".P.".P."y..".P."y.."QP."y..".P."S.1".P.".8.#.P.".8.#.P.".8.#.P.".(u".P.".(q".P.".(e".P.".P.".R."^9.#.P."^9.#.P."^9.".P.".Pa".P."^9.#.P."Rich.P."........PE..d......`.........."......F...*.......Y.........@....................................v.....`...@...............@.............................Pl..\|.......h....P..xo...2..`&......\|...@...........................(...`................`..8............................text...dD.......F.................. ..`.rdata..DB...`...D...J..............@..@.data...P........P..................@....pdata..xo...P...p..................@..@.rsrc...h............N..............@..@.reloc..\|............&..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Reduce

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	data
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	6.531839634264284
Encrypted:	false
SSDEEP:	3072:/bc3C7YTWY7aCAUMXrIJYZIJBwB4IQDSN42zOCVV:Tc3AM7G/XruYZgwB4IQDSN1Z
MD5:	352F938EE0C0D5C17A04737A73A80A93
SHA1:	D1D2B5A474A523EFCB1A0928260D949333CA71EA
SHA-256:	F892749B6E033A0BA30598163897376A7798EBAFF92EB36E62BECDCBD8039ED8
SHA-512:	717921EAEBF3F4D693F749714E37F5E9C36714B344D40A96D15CFA335FAAE61351F6BDE9E168E3C68F0768355DD082F0C0F2069EBB6769420F6597D2EC405FD7
Malicious:	false
Reputation:	low
Preview:	.......i...H;.uzH.=Q(.....!...C......uc..K.....H..H..u9......k...3.H.......H..H..u.H.K..C.....H.K.H...C ........H.C.H..H...C......C ......2.H.\$0H.. _...t4SH.. H..B......t.H...bO....c......c .H.c..H.#.H.. [....H..H.X.H.h.H.p.H.x AVH.....H.H.......E3.fD9t$b......H.D$hH........Hc.H.p... ..H..98.L8......;=8+...O=1+....t^A..H.;.tEH.;.t?...t:...u.H..........t(H..H...&....?H..H...H...H...H..H.A(...A8H..H..H...H...u.L..$....I.[.I.k.I.s I.{(I..A^..H.\$.H.t$.H.\|$.AVH.. 3.E3.Hc.H...&..H...?H...H...H...H.C(H...H...v..K8......C8....t....t.............................H..H.H.H...v.H....".....3...t....H.s(...u..K8@.....u).K8..#.K8@H.C(....H..r...H..t.I....@.......I........5...H.\$0H.t$8H.\|$@H.. A^..@SH.. .........3.3........u........................H.. [..H.\$.WH.. 3.H.=e%..H..;H..t......H.$;.H...H......r..H.\$0H.. _.@SH.. L..H..H..t.3.H.B.H..I;.rCI.......H..H.D....N.....t(H...r.....t.H..+*..L........=...H..t.............3.H.. [....H.\$.WH..0.d$ .................\$$;.....tnHc.H......H..

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Routing

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	data
Category:	dropped
Size (bytes):	98400
Entropy (8bit):	6.3262313344577485
Encrypted:	false
SSDEEP:	1536:h93Rde1I8iKqkl1OMKHg3EYrDWyu0uZo2+9BgWOEMd:h93RdeniKqk/IgDWy4ZNogWOp
MD5:	84BA205C4042CF628180BA381216096C
SHA1:	B0BD4D22393D0B5C5126B382D575CAC29D757E66
SHA-256:	6A6D5D80EB81549BF0A2AC52FB4F49B63C78AFC5DB603C5BCE68940CB9003575
SHA-512:	6C4F5732E52F2C16391E882AC70D21A9545F334FD4D34E49A93482C7A95F3A96682819DB9438D0D17FE9B0AF5F6965F55AA02D089DC88EA2CD620537CB67A20D
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................AU3!...............................@.............?AVbad_alloc@std@@........@.............?AVexception@std@@........@.............?AVbad_array_new_length@std@@.....@.............?AVtype_info@@....@.............?AVbad_exception@std@@....@.......@....H..@....p..@....a.l.i.g.n...................s.t.r.u.c.t.................e.n.d.s.t.r.u.c.t...........b.y.t.e.....................u.b.y.t.e...................b.o.o.l.e.a.n...............c.h.a.r.....................w.c.h.a.r............... ...s.h.o.r.t...................u.s.h.o.r.t.................d.w.o.r.d...................w.o.r.d.....................l.o.n.g.....................u.l.o.n.g...................i.n.t.......................b.o.o.l.....................u.i.n.t.....................i.n.t.6.4...................u.i.n.t.6.4.................p.t.r...................@...h.w.n.d.................@...h.a.n.d.l.e.

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Span

Download File

Process:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
File Type:	data
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	5.540942449899382
Encrypted:	false
SSDEEP:	3072:ksUMKCrMuoS7FIMQIPcNwTFVAu/BtqxDoY4B+VaAtJPJ61e9Bd0YddxrTgarme:kHMKVu7FlNcwTFWusohudzh61eLgarR
MD5:	3CC3106E4EDC2449AF821AB7C38A874E
SHA1:	147FBBE6D06EDF07F13F623331978F9DDB1C54CA
SHA-256:	99DBA348017A8D1461CFBBD9758C203640713F39CEF4798317B26E558CF55734
SHA-512:	DFDAD09D34FF83B52D14E20A10FE9184A308EEEDB2D93AA715F476B605C950A81BC2EB898F582259CC8F9C18508065BB52FA292D7FE38BD83377F456EED0D5FC
Malicious:	false
Reputation:	low
Preview:	..u.H.U.I...................L.5J...I......H;.u[H..H..t.I..I+.A....E...fA;.u5I...H...u...u.H.EHH.@.H.X H...LM..H.S.I...l.................L.5....I...K...H;.uZH..H..t.I..I+.A....E...fA;.u4I...H...u...u-I.......H..@....[....F......>..............L.5....I....-..H;.u:H..H..t.I..I+.A....E...fA;.u.I...H...u...u....L.........L.5o...I...-..H;.uEH..H..t.I..I+.A....E...fA;.u.I...H...u...u.3.I....... ............L.5&...I...6-..H;.uGH..H..t.I..I+.A....E...fA;.u!I...H...u...u.H.U.I...4....+............L.5...I....,..H;.uOH..H..t.I..I+.A....E...fA;.u)I...H...u...u"I..E3.E3........U...H...b.........L.5....I...x,..H;.udH..H..t.I..I+.A....E...fA;.u>I...H...u...u7I..E3.I...............X.H...~....F.....................L.5P...I....,..H;.u[H..H..t.I..I+.A....E...fA;.u5I...H...u...u.H.UPI......H........EP...F......{............L.5....I...+..H;.udH..H..t.I..I+.A....E...fA;.u>I...H...u...u7H.EHH.@.H.X H...#J..L.K......I..A.....M................L.5....I....+..H;.unH..H..t.I..I+.A....E

C:\Users\user\AppData\Local\Temp\Asqnuqjy.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5804250669904765
Encrypted:	false
SSDEEP:	96:wPANoGuejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:w/GtH+bF+UI3iN0RSV0k3qLyj9
MD5:	17BBF8B6D0F488163160EE06C7236B82
SHA1:	3DEB2A32D6477D39E4F33FAD097416272863485D
SHA-256:	8645B76CA06108597DDE9D53CA2C90BC3DCF329575C2EBCF90440C074B174528
SHA-512:	6A2175C7202C31D0D2F3E59A1B2963490D85883D83F1CF6FB183A0059913C930DDA87BCC981EB10B74CC787ABD51E24ED603182FD8DF942F464FA558A4E01892
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Costura\1485B29524EF63EB83DF771D39CCA767\64\sqlite.interop.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1830064
Entropy (8bit):	6.605471997717241
Encrypted:	false
SSDEEP:	24576:1tvketLxcdnBkDsYamRR6rSgRCfCXxOZHlJrVgKIQkBJmbCqNt:vJx8BKO29sxpQkSn
MD5:	02F50A23E31D1F21AA21AE52FAF3C05A
SHA1:	5B21234729DEDFA1B456138872EF2A046B9EE86F
SHA-256:	5F0E72E1839DB4AA41F560E0A68C7A95C9E1656BC2F4F4FF64803655D02E5272
SHA-512:	BC2FCCA125506D9B762DF4E9DF24A907B9E554D857E705945AE252E7E6B50DADA043EF0E69828B780AC9B569053FCF912C27A770469A80F1F6094C146AFDB9B0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......rIF.6((.6((.6((.-....((.-....((.-...$((.?P..>((.(z..5((.6()..((.-...7((.-...7((.-...7((.-...7((.Rich6((.........................PE..d.....d.........." ................`O..............................................JN....@.........................................0G.......8..x................".......T...........................................................................................text............................... ..`.rdata..............................@..@.data...8....`...\|...H..............@....pdata...".......$..................@..@text....^....@......................@.. data.....c...`...d..................@..@.rsrc................j..............@..@.reloc...".......$...t..............@..B................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Fnzgvtkflz\sp4c0p22.default-release\key4.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	modified
Size (bytes):	294912
Entropy (8bit):	0.08428064428500968
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vq:51zkVmvQhyn+Zoz67n
MD5:	BDD416B4CDA202FBECDA64E322383E0A
SHA1:	9648E083239C643A03D024CF42D06FEBCCFC3989
SHA-256:	7EF6BD5E3293949D174DBC2BFD59E9DEE3811CE5B01BAB894A8E0AA4BA6DE936
SHA-512:	D75E0D4B239844293C9CE4980F9FC1665247EF6F21C0D6D4B299F29A5A3800AD44E9B0B1D5FF5BC9CB3EB86F6394D1AA7F86845A54FC4B8A937CDF5DA619324F
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Gsfzif.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hmoeyxims.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hqmpdid.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hwzusddoybw.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1371512776121733
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/x4:MnlyfnGtxnfVuSVumEHVZ4
MD5:	46A8B7CD1CB434A5C8CE3CF3C7825DD9
SHA1:	518804A81A13456A077723A4384FBD2E20EFD1BF
SHA-256:	9E18C03AD835DCA2E633226FDA3D0DE1FA4B46D9AAAA80FCA6D79FF4EC296B76
SHA-512:	86B5DFAAF334756E422847DD33DB7CC4CCE68A7C817F9523F0976F57357B0A1D156C53886F1BA99EEA9375FBF10E08246EE8EFB7CFAD7D092B888EE7F85F5BD7
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Jrfkisqwyq.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Kvkotw.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Stdahnwfg.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1371512776121733
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/x4:MnlyfnGtxnfVuSVumEHVZ4
MD5:	46A8B7CD1CB434A5C8CE3CF3C7825DD9
SHA1:	518804A81A13456A077723A4384FBD2E20EFD1BF
SHA-256:	9E18C03AD835DCA2E633226FDA3D0DE1FA4B46D9AAAA80FCA6D79FF4EC296B76
SHA-512:	86B5DFAAF334756E422847DD33DB7CC4CCE68A7C817F9523F0976F57357B0A1D156C53886F1BA99EEA9375FBF10E08246EE8EFB7CFAD7D092B888EE7F85F5BD7
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Thglj.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5804250669904765
Encrypted:	false
SSDEEP:	96:wPANoGuejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:w/GtH+bF+UI3iN0RSV0k3qLyj9
MD5:	17BBF8B6D0F488163160EE06C7236B82
SHA1:	3DEB2A32D6477D39E4F33FAD097416272863485D
SHA-256:	8645B76CA06108597DDE9D53CA2C90BC3DCF329575C2EBCF90440C074B174528
SHA-512:	6A2175C7202C31D0D2F3E59A1B2963490D85883D83F1CF6FB183A0059913C930DDA87BCC981EB10B74CC787ABD51E24ED603182FD8DF942F464FA558A4E01892
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Tqxhag.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121694100276746
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8MaQpY54tZ7YTrMD:r2qOB1nxCkvSAELyKOMq+8mKQ0M
MD5:	CDA85A15C573E0F7BE2767041E7D9228
SHA1:	83C19AB6D29FB57E04B96588D9A7769431FD30CA
SHA-256:	C61586BE7205433684E70E234D76FF86F6986682A8D7E2924253BBE3C1E34C24
SHA-512:	AC73E6CF9C872AFAF62A0B3595FB82D937BD2081DD69F2B3A284E54BB6EE5DA1B101531641095CE5BA17C10D0717B1494EFD0192C9B716BA8D8C8377AEE98F8A
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Uzknzrd.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121694100276746
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8MaQpY54tZ7YTrMD:r2qOB1nxCkvSAELyKOMq+8mKQ0M
MD5:	CDA85A15C573E0F7BE2767041E7D9228
SHA1:	83C19AB6D29FB57E04B96588D9A7769431FD30CA
SHA-256:	C61586BE7205433684E70E234D76FF86F6986682A8D7E2924253BBE3C1E34C24
SHA-512:	AC73E6CF9C872AFAF62A0B3595FB82D937BD2081DD69F2B3A284E54BB6EE5DA1B101531641095CE5BA17C10D0717B1494EFD0192C9B716BA8D8C8377AEE98F8A
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wuxjcrf.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5804250669904765
Encrypted:	false
SSDEEP:	96:wPANoGuejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:w/GtH+bF+UI3iN0RSV0k3qLyj9
MD5:	17BBF8B6D0F488163160EE06C7236B82
SHA1:	3DEB2A32D6477D39E4F33FAD097416272863485D
SHA-256:	8645B76CA06108597DDE9D53CA2C90BC3DCF329575C2EBCF90440C074B174528
SHA-512:	6A2175C7202C31D0D2F3E59A1B2963490D85883D83F1CF6FB183A0059913C930DDA87BCC981EB10B74CC787ABD51E24ED603182FD8DF942F464FA558A4E01892
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Xpclpgj.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 23 17:14:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9889094564220438
Encrypted:	false
SSDEEP:	48:8SKdLTTH+HOidAKZdA1FehwiZUklqehiy+3:8SqfTpy
MD5:	188D73AA00440B6C08D3A12A7A011287
SHA1:	860017A5F187D9ACFF6611FBAFC494DFB03CA17A
SHA-256:	4938EB6B5CD9421935C1EDE7008780E1155220893238E6828485AAF7C8217525
SHA-512:	41FB5B1D04DAACD998EF6B6DA925EDEA92E15FFF48310E06268070F5C8BC59151A2F1B7CE6B626171DE2B5227D5D62F18B94C4B03E0B233AB73F297EB0D00F0C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....N&].(N..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 23 17:14:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.007516606454379
Encrypted:	false
SSDEEP:	48:8OdLTTH+HOidAKZdA1seh/iZUkAQkqehZy+2:82f99Qsy
MD5:	2F3C86D69E5310B224A1CE5840D2C894
SHA1:	9F0F1F4EAD7A932435980B99C7C4C91F30E4EEFD
SHA-256:	DDB45FF1263291EADBD478A6EE12BCDDD824507BB02D7DCB7D3F6D29B2CAC531
SHA-512:	6E0081457E9CBDD711ED2A9DCD57C6A30779786AD44BEF907B6E45A538A465AA0E265A4DAE66010C0608C4B9FFD49D26B81BE5D641AABC713A36C4F10D131CE8
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......Q.(N..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011884230939988
Encrypted:	false
SSDEEP:	48:8BdLTTHAHOidAKZdA14meh7sFiZUkmgqeh7sLy+BX:83f7ndy
MD5:	6CAF674CED603B182FF50B7F4042A42F
SHA1:	578C08D5C480138C8C1675AA5B0DCCDA09E01ACB
SHA-256:	E8FF2A1BA4EFEEBA8881E2028A8B409B74E87FFB5928AE91EDB0A9C2E11D6059
SHA-512:	734D2E830A54622C16910118F8987EFD2D3C2BD2C1D72AD14FC18D183EC66137A2E7018CD3A166F50B095991C475E0376E4E0CFF3CBCEF50F0CFDD4C67A7D4D6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 23 17:14:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.001359492018155
Encrypted:	false
SSDEEP:	48:8mdLTTH+HOidAKZdA1TehDiZUkwqehFy+R:8+fOTy
MD5:	20320EDF22A3EF1303440A15E8E3D2C7
SHA1:	B6AC88609E0D496592D075FDD181D8B94DC16905
SHA-256:	51FC7CE93D4353D94C93275539B71426CACC2CB9EF19ED9C0487437F8F0BE1F4
SHA-512:	8C678904719D0E89B598E585D0174E5BA35339563DBC92A4C01D7F962B78660144E87A68B1F83111E449F1D5AC604201971CE90677C4DB09247ECB44D0F8AD90
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....4wI.(N..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 23 17:14:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.991676219366563
Encrypted:	false
SSDEEP:	48:8xdLTTH+HOidAKZdA1dehBiZUk1W1qehPy+C:8nfe9vy
MD5:	F9DC59B6B49FA58F569C4CC5EAD07810
SHA1:	05FD81D2F322D12D8CF94FB2EE8A4C42A71AB1A6
SHA-256:	F577372B537CB44A89968B1F0E05D9595B6B4F3A9A77BE4EB9C185C5B29C9D09
SHA-512:	5C91B4B3007A8FEADCB8893AEEBEE7E30F75FEC7AFD1DDEAAB8064A7EF4FF270065F78AA5AA6FDAA0C5BFB3EF7AF4DFF73A20F22ED229AAFA9B35483C2B5E81D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......V.(N..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 23 17:14:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.000189558590827
Encrypted:	false
SSDEEP:	48:8MdLTTH+HOidAKZdA1duTeehOuTbbiZUk5OjqehOuTbdy+yT+:8ofUTfTbxWOvTbdy7T
MD5:	4E1D6C4C518A360B10A0BC58F423E79B
SHA1:	8ACB2FA39FB6D6071E568C5885D2AEA40E4162BD
SHA-256:	04FD53BC6008919B53D35EA8E3EEC6088A71C41C5DF58284B91CBA718C316771
SHA-512:	40B2F40633E7496EB9E2965004CA94E292EFD02D70B777A29FFEB7F81C2EB8D65ED2F7AFD2061FF4E5C271DAF48F681B6D3C9A9F8893250EE64651121994127F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....k.>.(N..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	low
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	low
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "ESCAIXA_JUSTIFICANTEPAG0.exe", last modified: Tue Jan 23 07:47:43 2024, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 691217025
Category:	dropped
Size (bytes):	2425444
Entropy (8bit):	6.6478371528656695
Encrypted:	false
SSDEEP:	24576:c3i88vWi9eKm1COcv4qr72zi/eu3TKT2CdK711uo83AFxKYpfS3+5L0fjAxy:MAWiM1zcv4qlmu3TqoeAFpasL0f+y
MD5:	49CA426CC83BA41AB5D24620FB78890E
SHA1:	6D898BD99A77059B45392A9DC340CD676DAB53D2
SHA-256:	DF6C6685DCC8A3F23C0C2D51C7C00A2165C95D9C7FECA910B22B593CB9778B3E
SHA-512:	0416847FBBF9D4FF38993A1A6E9E827B1C3338947C099EF9077CA183253D9F77ABAE19E603698E49160CF336E4504AC423EE4456689609CD69A21A753CD3272D
Malicious:	false
Reputation:	low
Preview:	.....o.e..ESCAIXA_JUSTIFICANTEPAG0.exe..\}`S...I.6m...JA..EQP+.Hi.-.R7.R#...pJ.37...L)..v#<..M7.9..ml..6'U..e...."Ta.8..S.jWR,.../).>..?...u..~.s.9.....J&I.,....$.........../...O...&....x..(..X.....>...a.iw.W...+...Y.._tV........Ug%.....'....7....<..{...RZ..I..,...0..-.M..tIz.=\|.....#t .A...7KR2..xH.I\|P....)IY.@..PH....qfi3E6...O..?yc..=.......:.'.....e.e.....}.\..#IK._q........R.M./.+....0i......D.m...\|...W.8..f.."...i\|+.....?....i......#.......>dSWHRk...Rk.C....,n....X....R...R8.V..e.-.zt..b[....L&.%9.......k.z..=.K.,..n.)[.RCH........Mg...O.H.=.<\J..!.m.C.$i.....X.vO.#i..c..BvP:..DZI.\.9.....e.....C..l......rk.E..].Rg.e.EYr...5;..z....&7.K..%....D`.U+u..K.5{-F.~..yJ.f.`.3.aR..."..N1Kd...F........'J....f..D.C..p_w^.C.[Sb....".l...-....x....SS....50..cWVy...[.H(w...(.$./b...I..........".TE...9..f=y...........=..J...L.....s..y8.=..Y.g.t=..~L..H.....a..C.-...="I...Rl..@.o.$....Y..4..R...l.$..9..E._...w%..e5.^.l!...J.....4kh...n.2Ss

C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "ESCAIXA_JUSTIFICANTEPAG0.exe", last modified: Tue Jan 23 07:47:43 2024, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 691217025
Category:	dropped
Size (bytes):	2425444
Entropy (8bit):	6.6478371528656695
Encrypted:	false
SSDEEP:	24576:c3i88vWi9eKm1COcv4qr72zi/eu3TKT2CdK711uo83AFxKYpfS3+5L0fjAxy:MAWiM1zcv4qlmu3TqoeAFpasL0f+y
MD5:	49CA426CC83BA41AB5D24620FB78890E
SHA1:	6D898BD99A77059B45392A9DC340CD676DAB53D2
SHA-256:	DF6C6685DCC8A3F23C0C2D51C7C00A2165C95D9C7FECA910B22B593CB9778B3E
SHA-512:	0416847FBBF9D4FF38993A1A6E9E827B1C3338947C099EF9077CA183253D9F77ABAE19E603698E49160CF336E4504AC423EE4456689609CD69A21A753CD3272D
Malicious:	false
Reputation:	low
Preview:	.....o.e..ESCAIXA_JUSTIFICANTEPAG0.exe..\}`S...I.6m...JA..EQP+.Hi.-.R7.R#...pJ.37...L)..v#<..M7.9..ml..6'U..e...."Ta.8..S.jWR,.../).>..?...u..~.s.9.....J&I.,....$.........../...O...&....x..(..X.....>...a.iw.W...+...Y.._tV........Ug%.....'....7....<..{...RZ..I..,...0..-.M..tIz.=\|.....#t .A...7KR2..xH.I\|P....)IY.@..PH....qfi3E6...O..?yc..=.......:.'.....e.e.....}.\..#IK._q........R.M./.+....0i......D.m...\|...W.8..f.."...i\|+.....?....i......#.......>dSWHRk...Rk.C....,n....X....R...R8.V..e.-.zt..b[....L&.%9.......k.z..=.K.,..n.)[.RCH........Mg...O.H.=.<\J..!.m.C.$i.....X.vO.#i..c..BvP:..DZI.\.9.....e.....C..l......rk.E..].Rg.e.EYr...5;..z....&7.K..%....D`.U+u..K.5{-F.~..yJ.f.`.3.aR..."..N1Kd...F........'J....f..D.C..p_w^.C.[Sb....".l...-....x....SS....50..cWVy...[.H(w...(.$./b...I..........".TE...9..f=y...........=..J...L.....s..y8.=..Y.g.t=..~L..H.....a..C.-...="I...Rl..@.o.$....Y..4..R...l.$..9..E._...w%..e5.^.l!...J.....4kh...n.2Ss

C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	691217025
Entropy (8bit):	0.044415948679910736
Encrypted:	false
SSDEEP:
MD5:	DE7B0B12B76A57A70A091974077659DA
SHA1:	85A2DE6A20567705ABD8AB61C61ADB56D1E8C657
SHA-256:	26BAB99F71874C96DBD638C676564E2B03F681BAFA86217650B18D730190F9F8
SHA-512:	2DA8409DF9E67C7275AF9326BED1F5FC3B377CB9E914810D33CBB36F986114C30155C6E1B72716FEFA2E99F511288EB6674E4ADFA8DEC21DB7F8520F5A92D12F
Malicious:	false
Reputation:	low
Preview:	MZ`.....................@...............................................!..L.!Require Windows..$.,Z.HM4.HM4.HM4.A5..MM4.A5..YM4.HM5.M4.';..QM4.';...M4.';...M4.';..IM4.';..IM4.RichHM4.................PE..L......X.............................h............@.................................z.....@..............................................................!..............................................................p............................text.............................. ..`.rdata..._.......`..................@..@.data...Dd...0......................@....rsrc................*..............@..@.reloc..b'.......(...&..............@..B................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "ESCAIXA_JUSTIFICANTEPAG0.exe", last modified: Tue Jan 23 07:47:43 2024, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 691217025
Category:	downloaded
Size (bytes):	2425444
Entropy (8bit):	6.6478371528656695
Encrypted:	false
SSDEEP:	24576:c3i88vWi9eKm1COcv4qr72zi/eu3TKT2CdK711uo83AFxKYpfS3+5L0fjAxy:MAWiM1zcv4qlmu3TqoeAFpasL0f+y
MD5:	49CA426CC83BA41AB5D24620FB78890E
SHA1:	6D898BD99A77059B45392A9DC340CD676DAB53D2
SHA-256:	DF6C6685DCC8A3F23C0C2D51C7C00A2165C95D9C7FECA910B22B593CB9778B3E
SHA-512:	0416847FBBF9D4FF38993A1A6E9E827B1C3338947C099EF9077CA183253D9F77ABAE19E603698E49160CF336E4504AC423EE4456689609CD69A21A753CD3272D
Malicious:	false
Reputation:	low
URL:	https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0
Preview:	.....o.e..ESCAIXA_JUSTIFICANTEPAG0.exe..\}`S...I.6m...JA..EQP+.Hi.-.R7.R#...pJ.37...L)..v#<..M7.9..ml..6'U..e...."Ta.8..S.jWR,.../).>..?...u..~.s.9.....J&I.,....$.........../...O...&....x..(..X.....>...a.iw.W...+...Y.._tV........Ug%.....'....7....<..{...RZ..I..,...0..-.M..tIz.=\|.....#t .A...7KR2..xH.I\|P....)IY.@..PH....qfi3E6...O..?yc..=.......:.'.....e.e.....}.\..#IK._q........R.M./.+....0i......D.m...\|...W.8..f.."...i\|+.....?....i......#.......>dSWHRk...Rk.C....,n....X....R...R8.V..e.-.zt..b[....L&.%9.......k.z..=.K.,..n.)[.RCH........Mg...O.H.=.<\J..!.m.C.$i.....X.vO.#i..c..BvP:..DZI.\.9.....e.....C..l......rk.E..].Rg.e.EYr...5;..z....&7.K..%....D`.U+u..K.5{-F.~..yJ.f.`.3.aR..."..N1Kd...F........'J....f..D.C..p_w^.C.[Sb....".l...-....x....SS....50..cWVy...[.H(w...(.$./b...I..........".TE...9..f=y...........=..J...L.....s..y8.=..Y.g.t=..~L..H.....a..C.-...="I...Rl..@.o.$....Y..4..R...l.$..9..E._...w%..e5.^.l!...J.....4kh...n.2Ss

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 23, 2024 19:14:48.349996090 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.350032091 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.350091934 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.350905895 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.350939035 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.350994110 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.351171970 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.351185083 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.351464987 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.351473093 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.355787992 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.355793953 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.355866909 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.356415033 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.356426954 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.356489897 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.356663942 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.356673956 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.356841087 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.356853962 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.605923891 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.606179953 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.606203079 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.607306004 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.607373953 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.608211040 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.608266115 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.608412027 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.608417034 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.609730005 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.609919071 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.609947920 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.610482931 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.610588074 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.611506939 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.611572981 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.612345934 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.612433910 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.612663984 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.612679958 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.655639887 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.655761003 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.695071936 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.695430040 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.695488930 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.696389914 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.696487904 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.696505070 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.696557045 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.697499037 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.697561026 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.697848082 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.697860003 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.702511072 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.702688932 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.702718973 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.704380035 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.704459906 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.704467058 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.704508066 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.706434965 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.706513882 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.751602888 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.751612902 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.751622915 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:48.799578905 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:48.820024014 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.820393085 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.820583105 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.821461916 CET	49722	443	192.168.2.16	74.125.138.100
Jan 23, 2024 19:14:48.821497917 CET	443	49722	74.125.138.100	192.168.2.16
Jan 23, 2024 19:14:48.822911978 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.823332071 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:48.823400974 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.824152946 CET	49721	443	192.168.2.16	64.233.176.84
Jan 23, 2024 19:14:48.824189901 CET	443	49721	64.233.176.84	192.168.2.16
Jan 23, 2024 19:14:49.502598047 CET	49673	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:14:49.502667904 CET	49674	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:14:49.611535072 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.661870003 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.661920071 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.661983967 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.662007093 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.662014008 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.662019014 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.662034988 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.662070036 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.662075043 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.662098885 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.710601091 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.760937929 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.760952950 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.761015892 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.761043072 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.761055946 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.761055946 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.761073112 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.761092901 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.761092901 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.761097908 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.761113882 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.761137009 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.807573080 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.807614088 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.807727098 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.807758093 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.807810068 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.847529888 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.847547054 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.847676039 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.847676039 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.847702980 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.847750902 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.876018047 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.876044035 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.876194000 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.876252890 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.876317024 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.902323008 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.902349949 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.902539015 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.902539015 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.902563095 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.902575016 CET	49672	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:14:49.902610064 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.930378914 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.930406094 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.930516958 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.930516958 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.930542946 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.930859089 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.952369928 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.952414036 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.952636003 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.952661037 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.952708960 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.965447903 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.965491056 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.965531111 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.965544939 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.965615988 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.965616941 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.980762959 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.980808020 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.980854034 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.980874062 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.980909109 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.980935097 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.993913889 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.993974924 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.993985891 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.994003057 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:49.994026899 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:49.994044065 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.005294085 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.005337000 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.005364895 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.005373955 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.005403042 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.005418062 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.016920090 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.016977072 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.016980886 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.017004967 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.017024994 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.017044067 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.028951883 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.028992891 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.029031038 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.029042006 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.029074907 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.029090881 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.038742065 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.038783073 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.038819075 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.038827896 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.038858891 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.038875103 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.049726963 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.049771070 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.049782038 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.049794912 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.049834967 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.049846888 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.058590889 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.058634043 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.058661938 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.058670044 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.058698893 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.058715105 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.066914082 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.066956043 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.067044020 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.067044020 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.067066908 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.067118883 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.075933933 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.075978041 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.076010942 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.076020002 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.076044083 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.076071024 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.083184958 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.083225012 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.083270073 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.083276987 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.083309889 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.083329916 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.091273069 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.091312885 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.091341972 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.091348886 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.091367960 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.091387987 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.097958088 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.098001957 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.098046064 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.098058939 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.098088026 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.098107100 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.105231047 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.105271101 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.105318069 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.105331898 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.105365038 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.105381012 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.111057997 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.111099005 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.111157894 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.111171961 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.111197948 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.111222029 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.117227077 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.117269039 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.117331028 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.117340088 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.117358923 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.117378950 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.122581959 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.122627974 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.122685909 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.122693062 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.122716904 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.122735977 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.128529072 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.128571033 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.128619909 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.128626108 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.128649950 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.128675938 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.133394957 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.133436918 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.133481979 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.133488894 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.133519888 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.133544922 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.138525009 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.138566971 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.138597012 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.138603926 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.138780117 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.143718958 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.143800020 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.143814087 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.143822908 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.143853903 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.143872023 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.147989035 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.148049116 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.148082972 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.148089886 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.148130894 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.148153067 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.152894974 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.152937889 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.152967930 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.152975082 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.153021097 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.156543970 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.156586885 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.156616926 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.156624079 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.156650066 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.156671047 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.160541058 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.160582066 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.160628080 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.160635948 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.160670996 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.160689116 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.165317059 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.165389061 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.165420055 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.165432930 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.165457010 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.165477991 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.169133902 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.169176102 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.169224024 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.169236898 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.169265032 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.169287920 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.173178911 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.173219919 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.173259020 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.173271894 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.173301935 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.173320055 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.176839113 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.176878929 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.176918983 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.176932096 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.176965952 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.176984072 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.181261063 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.181308985 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.181361914 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.181390047 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.181420088 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.181437969 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.184884071 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.184909105 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.184951067 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.184964895 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.184992075 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.185010910 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.188201904 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.188216925 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.188282013 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.188294888 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.188353062 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.191621065 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.191639900 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.191704988 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.191720009 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.191745996 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.191765070 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.195605993 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.195621014 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.195688009 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.195700884 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.195743084 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.198875904 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.198889017 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.198959112 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.198971033 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.199018955 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.202033997 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.202052116 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.202106953 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.202119112 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.202145100 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.202162027 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.205801964 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.205821037 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.205919981 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.205933094 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.205982924 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.208883047 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.208897114 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.208959103 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.208971024 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.209012985 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.211807013 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.211821079 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.211884022 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.211896896 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.211937904 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.214423895 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.214437962 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.214502096 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.214514017 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.214555979 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.218210936 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.218225002 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.218269110 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.218281984 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.218310118 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.218326092 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.220980883 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.221000910 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.221081018 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.221093893 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.221148968 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.223769903 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.223784924 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.223845005 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.223853111 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.223891020 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.227125883 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.227139950 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.227190971 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.227197886 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.227232933 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.229829073 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.229849100 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.229898930 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.229904890 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.229929924 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.229950905 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.232386112 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.232398987 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.232450962 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.232456923 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.232479095 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.232496023 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.235515118 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.235534906 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.235585928 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.235593081 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.235614061 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.235632896 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.237987995 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.238008022 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.238065958 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.238074064 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.238115072 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.240552902 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.240577936 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.240642071 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.240648985 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.240679979 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.240698099 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.242961884 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.242988110 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.243022919 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.243032932 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.243050098 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.243074894 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.245810032 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.245832920 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.245872021 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.245881081 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.245894909 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.245919943 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.247838020 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.247869968 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.247915030 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.247920036 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.247936010 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.247951984 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.250701904 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.250751019 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.250787020 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.250798941 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.250829935 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.250854969 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.252563953 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.252604961 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.252639055 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.252655029 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.252677917 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.252696037 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.255426884 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.255487919 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.255522966 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.255537987 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.255563021 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.255579948 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.257240057 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.257283926 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.257318020 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.257328987 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.257355928 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.257384062 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.259917021 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.259958029 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.259994984 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.260006905 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.260032892 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.260047913 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.261707067 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.261750937 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.261786938 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.261799097 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.261825085 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.261843920 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.264292002 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.264394999 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.264431000 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.264441967 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.264471054 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.264492035 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.266103029 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.266145945 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.266177893 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.266189098 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.266216040 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.266232014 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.268430948 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.268511057 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.268516064 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.268541098 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.268573999 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.268594027 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.270340919 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.270380020 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.270431995 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.270445108 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.270471096 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.270494938 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.272630930 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.272671938 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.272733927 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.272746086 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.272773981 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.272792101 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.274547100 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.274617910 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.274678946 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.274689913 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.274719000 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.274733067 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.276474953 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.276515007 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.276585102 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.276596069 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.276622057 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.276639938 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.278297901 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.278342009 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.278397083 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.278408051 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.278433084 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.278455973 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.280503988 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.280556917 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.280608892 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.280620098 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.280652046 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.280666113 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.282346010 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.282388926 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.282438993 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.282450914 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.282474995 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.282501936 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.284070969 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.284111977 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.284152985 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.284164906 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.284190893 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.284209013 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.285829067 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.285871029 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.285909891 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.285922050 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.285953045 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.285969973 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.287880898 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.287957907 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.287971020 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.287988901 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.288012981 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.288031101 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.288048983 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.289655924 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.289699078 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.289733887 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.289745092 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.289769888 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.289793015 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.291568041 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.291615963 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.291647911 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.291659117 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.291697979 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.291713953 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.293401003 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.293452024 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.293487072 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.293498039 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.293524981 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.293560028 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.294951916 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.294996023 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.295033932 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.295044899 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.295070887 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.295089006 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.296848059 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.296886921 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.296921968 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.296932936 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.296958923 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.296977997 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.298650026 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.298691988 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.298727036 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.298738003 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.298765898 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.298784018 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.300457001 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.300498009 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.300530910 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.300542116 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.300566912 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.300611973 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.301784992 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.301826000 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.301879883 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.301913023 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.301964998 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.301964998 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.303458929 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.303499937 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.303551912 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.303564072 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.303589106 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.303606987 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.305109024 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.305183887 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.305218935 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.305229902 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.305255890 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.305279970 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.306927919 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.306982994 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.307015896 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.307027102 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.307053089 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.307066917 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.308124065 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.308165073 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.308202028 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.308212996 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.308238983 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.308263063 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.309781075 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.309799910 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.309864998 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.309876919 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.309921980 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.309921980 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.310851097 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.310863972 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.310898066 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.310909986 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.310934067 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.310952902 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.312699080 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.312711954 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.312766075 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.312777996 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.312807083 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.312830925 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.314121008 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.314133883 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.314204931 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.314215899 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.314275980 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.315974951 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.316004992 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.316061974 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.316073895 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.316099882 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.316116095 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.316929102 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.316941977 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.317009926 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.317020893 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.317074060 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.319523096 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.319535971 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.319596052 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.319608927 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.319662094 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.320260048 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.320275068 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.320332050 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.320343971 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.320394993 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.321801901 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.321815014 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.321872950 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.321886063 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.321938038 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.322704077 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.322719097 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.322773933 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.322782040 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.322813988 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.324460030 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.324471951 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.324522972 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.324529886 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.324567080 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.325685978 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.325699091 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.325751066 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.325757027 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.325797081 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.327434063 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.327447891 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.327497005 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.327503920 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.327541113 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.328507900 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.328524113 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.328572035 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.328577995 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.328593969 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.328614950 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.329518080 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.329530954 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.329577923 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.329583883 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.329595089 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.329618931 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.331027031 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.331041098 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.331099987 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.331106901 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.331142902 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.332834005 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.332849979 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.332907915 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.332912922 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.332952023 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.334101915 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.334165096 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.334189892 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.334196091 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.334225893 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.334247112 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.335566044 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.335612059 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.335635900 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.335642099 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.335663080 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.335685015 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.336275101 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.336318970 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.336344004 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.336349964 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.336371899 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.336397886 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.338265896 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.338305950 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.338339090 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.338345051 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.338361979 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.338383913 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.339231968 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.339273930 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.339293003 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.339299917 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.339319944 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.339340925 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.340756893 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.340799093 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.340823889 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.340830088 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.340847015 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.340868950 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.342045069 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.342087030 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.342104912 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.342112064 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.342125893 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.342145920 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.343899965 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.343940973 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.343970060 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.343975067 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.344001055 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.344018936 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.345347881 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.345400095 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.345427990 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.345432997 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.345459938 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.345477104 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.346112967 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.346153021 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.346180916 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.346187115 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.346210003 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.346230030 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.347495079 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.347542048 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.347579956 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.347585917 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.347606897 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.347665071 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.348670959 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.348726988 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.348767996 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.348773003 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.348814964 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.348838091 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.349807978 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.349853039 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.349895000 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.349906921 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.349935055 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.349951029 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.350606918 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.350649118 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.350692987 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.350703955 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.350732088 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.350745916 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.351589918 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.351629972 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.351670980 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.351681948 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.351716042 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.351735115 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.353359938 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.353401899 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.353441000 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.353452921 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.353480101 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.353496075 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.354595900 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.354636908 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.354679108 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.354690075 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.354717970 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.354732037 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.355480909 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.355521917 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.355567932 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.355578899 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.355604887 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.355621099 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.357383966 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.357424974 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.357461929 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.357479095 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.357501984 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.357527018 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.358731031 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.358772039 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.358814955 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.358836889 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.358922958 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.358941078 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.359967947 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.360014915 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.360049009 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.360060930 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.360086918 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.360107899 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.360625029 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.360666037 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.360702991 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.360714912 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.360740900 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.360775948 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.361912966 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.361953974 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.361995935 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.362008095 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.362032890 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.362066031 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.363280058 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.363322973 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.363354921 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.363360882 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.363380909 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.363398075 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.364480972 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.364521027 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.364571095 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.364577055 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.364600897 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.364620924 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.365134001 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.365174055 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.365205050 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.365211010 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.365242958 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.365262985 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.366194010 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.366250992 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.366282940 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.366296053 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.366322994 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.366342068 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.367651939 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.367698908 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.367734909 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.367747068 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.367775917 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.367791891 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.368660927 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.368701935 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.368741035 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.368752956 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.368779898 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.368798018 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.369334936 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.369374037 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.369409084 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.369421959 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.369448900 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.369486094 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.370040894 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.370083094 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.370114088 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.370125055 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.370151043 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.370191097 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.371085882 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.371124029 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.371159077 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.371171951 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.371198893 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.371215105 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.372848034 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.372888088 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.372925997 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.372940063 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.372966051 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.372987986 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.373754978 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.373804092 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.373832941 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.373846054 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.373871088 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.373887062 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.374327898 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.374367952 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.374404907 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.374416113 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.374442101 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.374469042 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.376283884 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.376324892 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.376360893 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.376379013 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.376401901 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.376420975 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.377419949 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.377460003 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.377490997 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.377504110 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.377527952 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.377549887 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.377671957 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.377712011 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.377729893 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.377746105 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.377770901 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.377810001 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.378217936 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.378257990 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.378292084 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.378303051 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.378329039 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.378357887 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.378858089 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.379020929 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.379040003 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.379066944 CET	443	49719	162.125.9.15	192.168.2.16
Jan 23, 2024 19:14:50.379093885 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:50.379128933 CET	49719	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:14:51.341139078 CET	443	49704	23.1.237.25	192.168.2.16
Jan 23, 2024 19:14:51.341403008 CET	49704	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:14:52.677342892 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:14:52.677373886 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:14:52.677444935 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:14:52.677795887 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:14:52.677807093 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:14:52.898902893 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:14:52.899267912 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:14:52.899281025 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:14:52.900816917 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:14:52.900883913 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:14:52.902144909 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:14:52.902235985 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:14:52.955600977 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:14:52.955615997 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:14:53.003580093 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:15:02.906236887 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:02.906300068 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:02.906348944 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:15:03.829596043 CET	49704	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:03.829703093 CET	49704	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:03.830127001 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:03.830223083 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:03.830327988 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:03.830682993 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:03.830697060 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:03.937426090 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:03.937455893 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:03.937530994 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:03.983408928 CET	443	49704	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:03.983448982 CET	443	49704	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:03.997570992 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:03.997601032 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.145522118 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:04.145593882 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:04.368609905 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.368694067 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.374835968 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.374846935 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.375145912 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.430721998 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.573846102 CET	49724	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:15:04.573868036 CET	443	49724	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:04.601043940 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.641906023 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.669409990 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:04.669441938 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:04.670582056 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:04.670666933 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:04.678368092 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:04.678430080 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:04.678577900 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:04.725903034 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:04.839210987 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839240074 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839246988 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839261055 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839267015 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839273930 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839296103 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.839318991 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839344025 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.839345932 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839359999 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839370966 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.839379072 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839394093 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.839416981 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.839425087 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839442015 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.839477062 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.864953041 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.864984989 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:04.865000963 CET	49727	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:04.865006924 CET	443	49727	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:05.022023916 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:05.022124052 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:05.022169113 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:05.022272110 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:05.022346973 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:05.022397041 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:05.023317099 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:05.023343086 CET	443	49726	23.1.237.25	192.168.2.16
Jan 23, 2024 19:15:05.023353100 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:05.023389101 CET	49726	443	192.168.2.16	23.1.237.25
Jan 23, 2024 19:15:33.758619070 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:15:33.758635044 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:15:37.603135109 CET	49714	80	192.168.2.16	23.40.205.48
Jan 23, 2024 19:15:37.717187881 CET	80	49714	23.40.205.48	192.168.2.16
Jan 23, 2024 19:15:37.717262983 CET	49714	80	192.168.2.16	23.40.205.48
Jan 23, 2024 19:15:41.448609114 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:41.448698997 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:41.448868990 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:41.449994087 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:41.450032949 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:41.818399906 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:41.818484068 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:41.819876909 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:41.819891930 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:41.820117950 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:41.821616888 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:41.861901999 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:42.170301914 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:42.170326948 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:42.170341969 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:42.170433998 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:42.170459986 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:42.170478106 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:42.170536041 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:42.176070929 CET	49729	443	192.168.2.16	20.12.23.50
Jan 23, 2024 19:15:42.176089048 CET	443	49729	20.12.23.50	192.168.2.16
Jan 23, 2024 19:15:50.393733978 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:15:50.393937111 CET	443	49720	162.125.9.15	192.168.2.16
Jan 23, 2024 19:15:50.394021034 CET	49720	443	192.168.2.16	162.125.9.15
Jan 23, 2024 19:15:52.615787029 CET	49731	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:15:52.615819931 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:52.615880013 CET	49731	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:15:52.616080046 CET	49731	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:15:52.616096973 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:52.828125000 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:52.828478098 CET	49731	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:15:52.828504086 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:52.829015017 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:52.829310894 CET	49731	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:15:52.829377890 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:15:52.870590925 CET	49731	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:16:02.838515043 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:16:02.838701010 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:16:02.838793993 CET	49731	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:16:04.393486977 CET	49731	443	192.168.2.16	74.125.136.99
Jan 23, 2024 19:16:04.393507957 CET	443	49731	74.125.136.99	192.168.2.16
Jan 23, 2024 19:16:17.691740036 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:17.691836119 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:17.692166090 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:17.692296982 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:17.692327976 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:17.908199072 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:17.908627987 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:17.908687115 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:17.909086943 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:17.909173012 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:17.909818888 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:17.909890890 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:17.911606073 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:17.911668062 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:17.911843061 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:17.911854029 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:17.963617086 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:18.125490904 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:18.128226995 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:18.128369093 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:18.128506899 CET	49732	443	192.168.2.16	142.250.9.100
Jan 23, 2024 19:16:18.128530979 CET	443	49732	142.250.9.100	192.168.2.16
Jan 23, 2024 19:16:29.677747011 CET	49716	443	192.168.2.16	23.54.200.130
Jan 23, 2024 19:16:29.793551922 CET	443	49716	23.54.200.130	192.168.2.16
Jan 23, 2024 19:16:29.793582916 CET	443	49716	23.54.200.130	192.168.2.16
Jan 23, 2024 19:16:29.793675900 CET	49716	443	192.168.2.16	23.54.200.130
Jan 23, 2024 19:16:29.793715954 CET	49716	443	192.168.2.16	23.54.200.130
Jan 23, 2024 19:16:33.248377085 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:33.442924976 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:33.443011999 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:38.502187967 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:38.746078014 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:38.746187925 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:38.980190992 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.073024988 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.074965954 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075009108 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075059891 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.075093985 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075135946 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075146914 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.075174093 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075221062 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.075232029 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075268984 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075305939 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075315952 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.075344086 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.075395107 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.269254923 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269401073 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269412994 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269424915 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269432068 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269438982 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269444942 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269452095 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269464016 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269469976 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269475937 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269483089 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269489050 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269495964 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269503117 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269509077 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269515038 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269526005 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269532919 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.269576073 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.269576073 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.269625902 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.463681936 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.463727951 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.463766098 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.463808060 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.463851929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.463890076 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.463901997 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.463927984 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.463965893 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.463980913 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464004040 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464040995 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464050055 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464077950 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464114904 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464123011 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464153051 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464190006 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464196920 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464227915 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464267015 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464272022 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464307070 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464343071 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464350939 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464380026 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464426994 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464437008 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464473963 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464510918 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464519978 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464548111 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464584112 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464606047 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464622021 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464659929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464664936 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464698076 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464744091 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464751959 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464792013 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464828014 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464838982 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464865923 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464903116 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464910030 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.464941025 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464977980 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.464984894 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.465014935 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.465059996 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.658977985 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659008980 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659116030 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659122944 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659131050 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659145117 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659158945 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659172058 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659188986 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659193993 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659200907 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659214020 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659226894 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659229994 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659240961 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659255981 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659266949 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659279108 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659281015 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659287930 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659296989 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659308910 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659318924 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659322023 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659333944 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659343958 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659347057 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659359932 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659368992 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659372091 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659384966 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659393072 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659399033 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659411907 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659424067 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659435034 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659439087 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659447908 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659447908 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659461021 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659468889 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659476042 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659488916 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659497976 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659502029 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659516096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659523010 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659528971 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659543037 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659553051 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659557104 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659569979 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659578085 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659584045 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659595966 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659607887 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659619093 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659622908 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659629107 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659631968 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659645081 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659657955 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659670115 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659672976 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659686089 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659698009 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659708977 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659708977 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659710884 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659724951 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659734964 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659738064 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659751892 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659758091 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659765005 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659778118 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659791946 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659791946 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659805059 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659816027 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659820080 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659833908 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659843922 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659847021 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659859896 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659868002 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659873962 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659885883 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659897089 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659904003 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659912109 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659924984 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659926891 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659938097 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659948111 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659950972 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659964085 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659972906 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.659977913 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.659991026 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.660008907 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.660032988 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854150057 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854290009 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854305983 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854319096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854332924 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854346991 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854356050 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854360104 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854374886 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854377031 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854388952 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854403973 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854418039 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854424953 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854438066 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854446888 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854454041 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854460955 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854466915 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854473114 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854481936 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854490042 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854501009 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854507923 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854518890 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854532957 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854535103 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854547024 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854558945 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854564905 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854572058 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854583979 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854587078 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854598999 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854602098 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854613066 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854619980 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854626894 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854629993 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854634047 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854640961 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854651928 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854665041 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854676962 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854681015 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854691982 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854696989 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854706049 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854721069 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854727983 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854737043 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854741096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854753017 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854758024 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854767084 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854768991 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854780912 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854794025 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854804039 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854810953 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854824066 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854830980 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854839087 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854846001 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854851961 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854859114 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854871035 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854882956 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854890108 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854897022 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854906082 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854919910 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854927063 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854932070 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854942083 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854954958 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854959011 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.854969025 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854983091 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854990005 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.854995966 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855004072 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855015993 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855017900 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855031967 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855042934 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855046034 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855060101 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855068922 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855072975 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855087042 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855098009 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855099916 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855109930 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855113983 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855123997 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855137110 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855144024 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855154991 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855166912 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855174065 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855180979 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855189085 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855201960 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855318069 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855318069 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855318069 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855372906 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855386019 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855398893 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855406046 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855418921 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855422974 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855432987 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855443001 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855447054 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855449915 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855460882 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855474949 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855488062 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855489969 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855505943 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855514050 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855520964 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855535030 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855541945 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855549097 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855562925 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855571032 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855577946 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855591059 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855606079 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855614901 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855619907 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855633974 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855643034 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855645895 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855652094 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855659962 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855673075 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855681896 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855685949 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855700016 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855705976 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855715036 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855727911 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855741024 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855748892 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855752945 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855771065 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855775118 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855788946 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855803967 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855813026 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855818033 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855830908 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855839968 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855844975 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855858088 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855861902 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855873108 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855880022 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855886936 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855900049 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855914116 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855926037 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855938911 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855942011 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855953932 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855963945 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.855967999 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855982065 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855994940 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.855998039 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.856009007 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856018066 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.856024027 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856038094 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856050968 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856056929 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.856065989 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856076956 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.856080055 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856095076 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856102943 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.856110096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856122017 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856134892 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856144905 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.856148958 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:39.856165886 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:39.856189013 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049207926 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049273014 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049314976 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049335003 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049355030 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049396038 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049402952 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049436092 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049474001 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049487114 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049513102 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049551010 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049554110 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049590111 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049628019 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049649000 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049670935 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049710035 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049719095 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049751997 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049787998 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049803019 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049825907 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049865007 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049877882 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.049938917 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.049978018 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050014973 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050010920 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050054073 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050087929 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050090075 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050144911 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050165892 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050183058 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050220013 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050230980 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050259113 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050296068 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050312042 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050333023 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050369978 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050379038 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050406933 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050445080 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050453901 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050482035 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050519943 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050525904 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050558090 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050595045 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050626993 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050632954 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050671101 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050687075 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050709009 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050746918 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050760031 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050785065 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050822973 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050834894 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050860882 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050899029 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050909996 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.050937891 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050975084 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.050985098 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051014900 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051052094 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051062107 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051090956 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051127911 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051139116 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051166058 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051203966 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051215887 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051242113 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051280022 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051290035 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051322937 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051359892 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051371098 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051397085 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051434994 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051446915 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051474094 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051512003 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051518917 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051552057 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051589012 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051610947 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051635981 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051673889 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051687002 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051712036 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051750898 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051758051 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051789045 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051826000 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051836014 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051863909 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051903963 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051915884 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.051940918 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051978111 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.051990986 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052016973 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052053928 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052062988 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052090883 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052128077 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052145004 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052165031 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052201986 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052225113 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052239895 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052278996 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052287102 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052315950 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052355051 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052371025 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052392006 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052428961 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052439928 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052467108 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052503109 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052515030 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052541018 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052577019 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052587986 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052614927 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052651882 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052664042 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052690029 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052730083 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052738905 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052767992 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052807093 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052819014 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052845001 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052881002 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052889109 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052918911 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052958012 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.052961111 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.052995920 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053035021 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053040028 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053071976 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053108931 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053113937 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053147078 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053184032 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053189039 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053220987 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053257942 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053263903 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053294897 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053330898 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053368092 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053395987 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053405046 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053405046 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053442955 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053481102 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053479910 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053519011 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053555012 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053566933 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053592920 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053631067 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053643942 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053670883 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053708076 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053719044 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053749084 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053786993 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053814888 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053823948 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053833008 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053863049 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053872108 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053909063 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053919077 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053956985 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.053970098 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.053994894 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054007053 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054032087 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054037094 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054069996 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054078102 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054110050 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054121017 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054148912 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054157972 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054187059 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054198027 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054224968 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054236889 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054263115 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054272890 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054302931 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054313898 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054342031 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054351091 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054380894 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054390907 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054420948 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054430962 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054459095 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054481983 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054497957 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054505110 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054536104 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054544926 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054574013 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054584026 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054614067 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054650068 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054650068 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054677010 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054687977 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054697990 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054733038 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054744959 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054771900 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054780006 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054831028 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054843903 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054871082 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054879904 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054909945 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054919004 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054950953 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.054959059 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.054996967 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055010080 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055037022 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055047035 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055074930 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055084944 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055114031 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055124998 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055154085 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055160999 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055191994 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055202961 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055229902 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055238962 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055269003 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055279016 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055306911 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055315971 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055349112 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055355072 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055387020 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055394888 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055424929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055439949 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055464983 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055471897 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055502892 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055511951 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055541039 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055551052 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055579901 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055592060 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055618048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055640936 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055655956 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055668116 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055695057 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.055706024 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.055743933 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.249964952 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250065088 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250102997 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250138998 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250175953 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250176907 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250176907 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250214100 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250231028 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250252008 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250273943 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250289917 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250291109 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250329971 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250345945 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250370026 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250381947 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250407934 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250421047 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250448942 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250457048 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250487089 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250497103 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250524998 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250538111 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250562906 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250582933 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250601053 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250612020 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250641108 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250650883 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250679970 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250693083 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250720978 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250731945 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250758886 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250768900 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250842094 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250857115 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250880957 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250891924 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250919104 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250935078 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250957012 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.250969887 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.250997066 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251007080 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251035929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251046896 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251075029 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251085997 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251116991 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251127005 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251159906 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251168966 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251200914 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251210928 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251240015 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251250029 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251276970 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251288891 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251317024 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251328945 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251358032 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251370907 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251396894 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251408100 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251435995 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251446962 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251473904 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251486063 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251513958 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251529932 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251554966 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251568079 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251594067 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251610041 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251637936 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251655102 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251676083 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251691103 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251714945 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251725912 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251755953 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251763105 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251792908 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251806021 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251832962 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251842976 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251871109 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251883030 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251909971 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251920938 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251948118 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.251959085 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.251986980 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252000093 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252027035 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252037048 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252067089 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252074957 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252105951 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252118111 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252144098 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252156019 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252186060 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252213955 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252224922 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252238035 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252263069 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252274990 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252304077 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252312899 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252342939 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252358913 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252381086 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252393007 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252419949 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252429962 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252458096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252470016 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252496004 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252507925 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252536058 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252546072 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252573967 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252583981 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252613068 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252624035 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252650976 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252661943 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252690077 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252701044 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252729893 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252741098 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252768993 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252779961 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252809048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252819061 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252846956 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252859116 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252886057 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252896070 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252923965 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252933979 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.252963066 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.252973080 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253001928 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253011942 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253041029 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253052950 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253079891 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253092051 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253118992 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253129005 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253156900 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253168106 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253195047 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253206015 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253232956 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253247023 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253273964 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253283978 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253313065 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253321886 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253353119 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253360033 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253391027 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253401041 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253428936 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253441095 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253468990 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253475904 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253506899 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253542900 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253560066 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253575087 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253581047 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253611088 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253621101 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253622055 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253659964 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253673077 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253700018 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253710985 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253739119 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253751993 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253777981 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253789902 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253817081 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253829002 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253856897 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253864050 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253906012 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.253926992 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253963947 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.253974915 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254004002 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254013062 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254043102 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254050016 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254081011 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254091024 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254120111 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254129887 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254158020 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254169941 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254198074 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254206896 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254236937 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254256010 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254277945 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254281998 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254316092 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254327059 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254354000 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254367113 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254394054 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254403114 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254432917 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254441023 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254471064 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254479885 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254511118 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254520893 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254550934 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254559040 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254589081 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254611015 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254627943 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254637957 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254666090 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254678011 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254704952 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254718065 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254745960 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254753113 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254782915 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254795074 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254822016 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254833937 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254861116 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254870892 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254899979 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254909992 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254939079 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254949093 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.254977942 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.254990101 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255018950 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255045891 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255055904 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255065918 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255094051 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255105019 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255132914 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255141020 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255172014 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255179882 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255212069 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255223036 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255254030 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255261898 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255292892 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255302906 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255331993 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255338907 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255369902 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255405903 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255404949 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255445004 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255451918 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255451918 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255477905 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255484104 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255522013 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255528927 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255561113 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255568981 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255614996 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255656958 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255734921 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255747080 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255774021 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255774975 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255814075 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255815029 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255851984 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255858898 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255889893 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255903006 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255927086 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255932093 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.255964994 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.255966902 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.256004095 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.256010056 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.256042957 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.256050110 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.256082058 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.256088972 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.256124020 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.256128073 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.256161928 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.256166935 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.256200075 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.256206989 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.256241083 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.256246090 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.256287098 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.310038090 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.310132980 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450253010 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450283051 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450334072 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450331926 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450352907 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450361967 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450372934 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450376034 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450392008 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450393915 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450413942 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450417995 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450434923 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450436115 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450450897 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450454950 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450470924 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450490952 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450491905 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450511932 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450520992 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450529099 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450547934 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450547934 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450565100 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450573921 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450575113 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450582981 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450602055 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450608969 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450620890 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450628996 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450645924 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450649023 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450678110 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450680971 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450687885 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450702906 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450721979 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450723886 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450743914 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450745106 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450762987 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450764894 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450783968 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450786114 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450798988 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450808048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450815916 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450828075 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450845957 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450849056 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450864077 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450865984 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450885057 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450901985 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.450961113 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.450979948 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451000929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451003075 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451020956 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451025963 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451039076 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451049089 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451059103 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451075077 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451092958 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451096058 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451107979 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451117039 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451139927 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451139927 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451159000 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451164007 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451183081 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451189041 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451206923 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451210022 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451224089 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451231956 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451251030 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451256037 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451272011 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451275110 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451292992 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451297045 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451313019 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451328039 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451359987 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451400995 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451406002 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451426029 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451437950 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451443911 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451464891 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451464891 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451483011 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451492071 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451502085 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451515913 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.451536894 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.451554060 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452042103 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452080011 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452095985 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452112913 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452128887 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452135086 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452150106 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452151060 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452172041 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452188969 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452248096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452265024 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452286959 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452287912 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452302933 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452317953 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452334881 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452337980 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452352047 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452356100 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452369928 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452373981 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452388048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452397108 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452408075 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452409983 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452425003 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452429056 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452446938 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452465057 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452833891 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452861071 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452877045 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452879906 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452897072 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452898026 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452918053 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452919006 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452938080 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452943087 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452956915 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452965021 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.452982903 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.452984095 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453001976 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453018904 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453044891 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453063965 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453079939 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453083992 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453100920 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453104019 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453125000 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453130960 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453149080 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453154087 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453171015 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453180075 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453188896 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453198910 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453222036 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453222036 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453241110 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453247070 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453258991 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453269005 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453285933 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453289986 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453305006 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453305960 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453325987 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453327894 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453346968 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453351021 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453361988 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453371048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453391075 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453391075 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453413963 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453414917 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453433037 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453435898 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453449965 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453454018 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453471899 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453474998 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453505993 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453521967 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453531981 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453550100 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453551054 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453571081 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453573942 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453593969 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453598976 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453617096 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453617096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453632116 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453654051 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453655005 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453671932 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453679085 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453691959 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453704119 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453710079 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453715086 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453728914 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453732967 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453748941 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453758001 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453768015 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453774929 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453784943 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453794956 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453795910 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453805923 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453814983 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453833103 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453851938 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453854084 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453870058 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453895092 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453900099 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453907967 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453917980 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453923941 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453934908 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453938961 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453954935 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453955889 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.453968048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453978062 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.453994989 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454010963 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454014063 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454032898 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454035044 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454054117 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454056025 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454065084 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454081059 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454099894 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454108953 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454119921 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454138994 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454138994 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454157114 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454157114 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454174995 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454179049 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454191923 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454197884 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454212904 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454215050 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454231024 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454242945 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454250097 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454262018 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454267979 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454287052 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454288006 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454304934 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454308987 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454324961 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454329014 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454344988 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454349995 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454361916 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454365969 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454380989 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454384089 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454396963 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454416037 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454416037 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454433918 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454437971 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454453945 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454459906 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454474926 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454483032 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454490900 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454502106 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454514980 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454518080 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454534054 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454540968 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454554081 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454560041 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454574108 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454575062 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454596996 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454603910 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454613924 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454621077 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454632998 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454637051 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454653978 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454658031 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454672098 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.454673052 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454690933 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.454708099 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.504177094 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504419088 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504446983 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504472971 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504493952 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504539967 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504561901 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504580021 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504596949 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504614115 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.504616976 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504635096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504652977 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504673958 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504693031 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504710913 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.504766941 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.504806995 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.644845009 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.644875050 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.644918919 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.644931078 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.644937038 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.644954920 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.644961119 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.644972086 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.644994974 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645014048 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645023108 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645040989 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645059109 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645076036 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645266056 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645282984 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645298004 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645302057 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645315886 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645318985 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645335913 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645349026 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645359993 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645369053 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645380020 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645385027 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645401955 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645406008 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645418882 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645423889 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645437002 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645441055 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645453930 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645459890 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645488977 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645503044 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645504951 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645523071 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645524025 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645541906 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645544052 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645560980 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645562887 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645579100 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645581007 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645597935 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645608902 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645616055 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645621061 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645634890 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645637989 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645652056 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645657063 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645668983 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645673037 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645694971 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645715952 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645718098 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645733118 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645749092 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645752907 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645766020 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645781040 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645782948 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645807028 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645828962 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645828962 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645847082 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645863056 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645867109 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645880938 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645884991 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645912886 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645915985 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645924091 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645934105 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645950079 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645966053 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645972967 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.645982981 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.645998955 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646014929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646032095 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646047115 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646059990 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646068096 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646068096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646086931 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646090984 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646104097 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646106958 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646121979 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646132946 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646137953 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646147013 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646156073 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646158934 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646174908 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646177053 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646190882 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646195889 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646209002 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646214008 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646225929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646229982 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646244049 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646245003 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646261930 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646265030 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646277905 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646291018 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646297932 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646301031 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646315098 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646322966 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646333933 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646333933 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646352053 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646353960 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646361113 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646369934 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646385908 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646392107 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646404028 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646413088 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646420002 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646430016 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646437883 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646440029 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646455050 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646457911 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646471977 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646475077 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646488905 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646492004 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646507025 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646509886 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646522999 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646528959 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646543026 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646544933 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646560907 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646564960 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646578074 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646594048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646595955 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646611929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646620989 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646626949 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646639109 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646646976 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646656036 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646657944 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646673918 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646687031 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646691084 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646699905 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646708012 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646711111 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646728039 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646730900 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646745920 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646749020 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646761894 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646763086 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646781921 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646785021 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646792889 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646799088 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646815062 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646822929 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646831989 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646835089 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646850109 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646855116 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646867037 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646871090 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646887064 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646889925 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646908045 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646913052 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646924973 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646929026 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646941900 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646945953 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646960020 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646967888 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.646977901 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646992922 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.646998882 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647011042 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647027969 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647032022 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647044897 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647062063 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647077084 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647094011 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647109032 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647125959 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647128105 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647144079 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647146940 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647161007 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647165060 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647177935 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647196054 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647200108 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647212982 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647228956 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647231102 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647248030 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647264004 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647268057 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647283077 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647300005 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.647301912 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.647344112 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.648469925 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648510933 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648552895 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.648591995 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648698092 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648716927 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648734093 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648736954 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.648751974 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648768902 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648777962 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.648787975 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648797989 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.648803949 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648821115 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648840904 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.648912907 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648930073 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648946047 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648952961 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.648962975 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648979902 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.648982048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.648999929 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649017096 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649019957 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649034977 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649053097 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649210930 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649245977 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649250984 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649264097 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649300098 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649413109 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649492979 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649532080 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649549961 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649555922 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649568081 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649584055 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649606943 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649610996 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649626017 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649661064 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649678946 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649696112 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649698019 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649713993 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649730921 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649733067 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649765968 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649768114 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.649868011 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649884939 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649909019 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649929047 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.649935007 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.650043011 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650060892 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650068045 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.650079012 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650094986 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650110960 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650125980 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650141954 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650150061 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.650158882 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650176048 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650191069 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650197029 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.650207996 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650223970 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.650223970 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650242090 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650243044 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.650259018 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650275946 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650278091 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.650293112 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650310040 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.650314093 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.650346041 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:40.843327999 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:40.895755053 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:41.013099909 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:41.154417992 CET	49734	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:41.207091093 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:41.207844019 CET	7702	49733	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:41.207911015 CET	49733	7702	192.168.2.16	91.92.254.99
Jan 23, 2024 19:16:41.348973989 CET	7702	49734	91.92.254.99	192.168.2.16
Jan 23, 2024 19:16:41.349083900 CET	49734	7702	192.168.2.16	91.92.254.99

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 23, 2024 19:14:48.223294973 CET	62125	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:14:48.223563910 CET	54986	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:14:48.233917952 CET	57680	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:14:48.234213114 CET	57456	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:14:48.235362053 CET	58469	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:14:48.235558033 CET	63719	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:14:48.343147039 CET	53	62125	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:48.343458891 CET	53	52474	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:48.349520922 CET	53	54986	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:48.352519989 CET	53	57456	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:48.352873087 CET	53	57680	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:48.353919983 CET	53	58469	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:48.353960991 CET	53	63719	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:49.035934925 CET	53	63474	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:52.556495905 CET	63182	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:14:52.556804895 CET	49562	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:14:52.675544024 CET	53	63182	1.1.1.1	192.168.2.16
Jan 23, 2024 19:14:52.675780058 CET	53	49562	1.1.1.1	192.168.2.16
Jan 23, 2024 19:15:01.350233078 CET	138	138	192.168.2.16	192.168.2.255
Jan 23, 2024 19:15:05.950479031 CET	53	63470	1.1.1.1	192.168.2.16
Jan 23, 2024 19:15:24.905157089 CET	53	50974	1.1.1.1	192.168.2.16
Jan 23, 2024 19:15:47.303016901 CET	53	50182	1.1.1.1	192.168.2.16
Jan 23, 2024 19:15:47.864494085 CET	53	57034	1.1.1.1	192.168.2.16
Jan 23, 2024 19:16:13.017137051 CET	60953	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:16:13.156752110 CET	53	60953	1.1.1.1	192.168.2.16
Jan 23, 2024 19:16:15.960024118 CET	53	49476	1.1.1.1	192.168.2.16
Jan 23, 2024 19:16:17.569797039 CET	64298	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:16:17.569987059 CET	62626	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:16:17.688505888 CET	53	64298	1.1.1.1	192.168.2.16
Jan 23, 2024 19:16:17.688549042 CET	53	62626	1.1.1.1	192.168.2.16
Jan 23, 2024 19:16:30.961107016 CET	57662	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:16:31.092963934 CET	53	57662	1.1.1.1	192.168.2.16
Jan 23, 2024 19:16:46.878252029 CET	53122	53	192.168.2.16	1.1.1.1
Jan 23, 2024 19:16:46.998050928 CET	53	53122	1.1.1.1	192.168.2.16
Jan 23, 2024 19:17:02.182001114 CET	53	57979	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 23, 2024 19:14:48.223294973 CET	192.168.2.16	1.1.1.1	0x5a0d	Standard query (0)	dl.dropboxusercontent.com	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.223563910 CET	192.168.2.16	1.1.1.1	0x32aa	Standard query (0)	dl.dropboxusercontent.com	65	IN (0x0001)	false
Jan 23, 2024 19:14:48.233917952 CET	192.168.2.16	1.1.1.1	0xd187	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.234213114 CET	192.168.2.16	1.1.1.1	0x98d3	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Jan 23, 2024 19:14:48.235362053 CET	192.168.2.16	1.1.1.1	0x7ac4	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.235558033 CET	192.168.2.16	1.1.1.1	0x10ee	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Jan 23, 2024 19:14:52.556495905 CET	192.168.2.16	1.1.1.1	0x8ddb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:52.556804895 CET	192.168.2.16	1.1.1.1	0x340d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 23, 2024 19:16:13.017137051 CET	192.168.2.16	1.1.1.1	0xf98f	Standard query (0)	iSNeRcJlEhJAMEFextxTBbKCqq.iSNeRcJlEhJAMEFextxTBbKCqq	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.569797039 CET	192.168.2.16	1.1.1.1	0x1d56	Standard query (0)	clients1.google.com	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.569987059 CET	192.168.2.16	1.1.1.1	0xa87b	Standard query (0)	clients1.google.com	65	IN (0x0001)	false
Jan 23, 2024 19:16:30.961107016 CET	192.168.2.16	1.1.1.1	0xe8e6	Standard query (0)	iSNeRcJlEhJAMEFextxTBbKCqq.iSNeRcJlEhJAMEFextxTBbKCqq	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:46.878252029 CET	192.168.2.16	1.1.1.1	0xb52d	Standard query (0)	90.156.5.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 23, 2024 19:14:48.343147039 CET	1.1.1.1	192.168.2.16	0x5a0d	No error (0)	dl.dropboxusercontent.com	edge-block-www-env.dropbox-dns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 23, 2024 19:14:48.343147039 CET	1.1.1.1	192.168.2.16	0x5a0d	No error (0)	edge-block-www-env.dropbox-dns.com		162.125.9.15	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.349520922 CET	1.1.1.1	192.168.2.16	0x32aa	No error (0)	dl.dropboxusercontent.com	edge-block-www-env.dropbox-dns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 23, 2024 19:14:48.352519989 CET	1.1.1.1	192.168.2.16	0x98d3	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 23, 2024 19:14:48.352873087 CET	1.1.1.1	192.168.2.16	0xd187	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 23, 2024 19:14:48.352873087 CET	1.1.1.1	192.168.2.16	0xd187	No error (0)	clients.l.google.com		74.125.138.100	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.352873087 CET	1.1.1.1	192.168.2.16	0xd187	No error (0)	clients.l.google.com		74.125.138.138	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.352873087 CET	1.1.1.1	192.168.2.16	0xd187	No error (0)	clients.l.google.com		74.125.138.102	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.352873087 CET	1.1.1.1	192.168.2.16	0xd187	No error (0)	clients.l.google.com		74.125.138.139	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.352873087 CET	1.1.1.1	192.168.2.16	0xd187	No error (0)	clients.l.google.com		74.125.138.101	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.352873087 CET	1.1.1.1	192.168.2.16	0xd187	No error (0)	clients.l.google.com		74.125.138.113	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:48.353919983 CET	1.1.1.1	192.168.2.16	0x7ac4	No error (0)	accounts.google.com		64.233.176.84	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:52.675544024 CET	1.1.1.1	192.168.2.16	0x8ddb	No error (0)	www.google.com		74.125.136.99	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:52.675544024 CET	1.1.1.1	192.168.2.16	0x8ddb	No error (0)	www.google.com		74.125.136.147	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:52.675544024 CET	1.1.1.1	192.168.2.16	0x8ddb	No error (0)	www.google.com		74.125.136.106	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:52.675544024 CET	1.1.1.1	192.168.2.16	0x8ddb	No error (0)	www.google.com		74.125.136.104	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:52.675544024 CET	1.1.1.1	192.168.2.16	0x8ddb	No error (0)	www.google.com		74.125.136.105	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:52.675544024 CET	1.1.1.1	192.168.2.16	0x8ddb	No error (0)	www.google.com		74.125.136.103	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:14:52.675780058 CET	1.1.1.1	192.168.2.16	0x340d	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 23, 2024 19:16:13.156752110 CET	1.1.1.1	192.168.2.16	0xf98f	Name error (3)	iSNeRcJlEhJAMEFextxTBbKCqq.iSNeRcJlEhJAMEFextxTBbKCqq	none	none	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.688505888 CET	1.1.1.1	192.168.2.16	0x1d56	No error (0)	clients1.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 23, 2024 19:16:17.688505888 CET	1.1.1.1	192.168.2.16	0x1d56	No error (0)	clients.l.google.com		142.250.9.100	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.688505888 CET	1.1.1.1	192.168.2.16	0x1d56	No error (0)	clients.l.google.com		142.250.9.101	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.688505888 CET	1.1.1.1	192.168.2.16	0x1d56	No error (0)	clients.l.google.com		142.250.9.138	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.688505888 CET	1.1.1.1	192.168.2.16	0x1d56	No error (0)	clients.l.google.com		142.250.9.102	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.688505888 CET	1.1.1.1	192.168.2.16	0x1d56	No error (0)	clients.l.google.com		142.250.9.139	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.688505888 CET	1.1.1.1	192.168.2.16	0x1d56	No error (0)	clients.l.google.com		142.250.9.113	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:17.688549042 CET	1.1.1.1	192.168.2.16	0xa87b	No error (0)	clients1.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 23, 2024 19:16:31.092963934 CET	1.1.1.1	192.168.2.16	0xe8e6	Name error (3)	iSNeRcJlEhJAMEFextxTBbKCqq.iSNeRcJlEhJAMEFextxTBbKCqq	none	none	A (IP address)	IN (0x0001)	false
Jan 23, 2024 19:16:46.998050928 CET	1.1.1.1	192.168.2.16	0xb52d	Name error (3)	90.156.5.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

accounts.google.com

clients2.google.com

dl.dropboxusercontent.com

slscr.update.microsoft.com

https:

www.bing.com

clients1.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.16	49717	23.54.200.130	443

Timestamp	Bytes transferred	Direction	Data
2024-01-23 18:14:41 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-01-23 18:14:41 UTC	531	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0URSoYgAAAABePpjyRlUAQrduejDbkqt8U0pDRURHRTA1MjAAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=100947 Date: Tue, 23 Jan 2024 18:14:41 GMT Content-Length: 55 Connection: close X-CID: 2
2024-01-23 18:14:41 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49721	64.233.176.84	443	2604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-01-23 18:14:48 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2024-01-23 18:14:48 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-01-23 18:14:48 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 23 Jan 2024 18:14:48 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-uUuWoli8nNJWEDYVX4pQYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmII1pBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIR6OGS0H1rIJbPjy8j0TALcfF_Q" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-23 18:14:48 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-01-23 18:14:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49722	74.125.138.100	443	2604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-01-23 18:14:48 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-23 18:14:48 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-zzWHl85fqTrzZRn-xSoCVg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 23 Jan 2024 18:14:48 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6231 X-Daystart: 36888 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-23 18:14:48 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 33 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 36 38 38 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6231" elapsed_seconds="36888"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-01-23 18:14:48 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-01-23 18:14:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49719	162.125.9.15	443	2604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-01-23 18:14:48 UTC	765	OUT	GET /scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0 HTTP/1.1 Host: dl.dropboxusercontent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-23 18:14:49 UTC	1157	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=60 Content-Disposition: inline; filename="ESCAIXA_JUSTIFICANTEPAG0.exe.gz"; filename*=UTF-8''ESCAIXA_JUSTIFICANTEPAG0.exe.gz Content-Security-Policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups Content-Security-Policy: form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none' Etag: 1705996173793078n Pragma: public Set-Cookie: uc_session=zQBOlDjdCRRaeQE2ERv7iAdISZzXHwZyksTKSYDCn8QjJE1XysN8hHcp9SNX7Kfz; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure X-Content-Type-Options: nosniff X-Server-Response-Time: 780 Content-Type: application/octet-stream Accept-Encoding: identity,gzip Date: Tue, 23 Jan 2024 18:14:49 GMT Server: envoy Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Robots-Tag: noindex, nofollow, noimageindex Content-Length: 2425444 X-Dropbox-Response-Origin: far_remote X-Dropbox-Request-Id: e7c008a522db44508c6c0dc5f7a5d780 Connection: close
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: 1f 8b 08 08 1f 6f af 65 04 00 45 53 43 41 49 58 41 5f 4a 55 53 54 49 46 49 43 41 4e 54 45 50 41 47 30 2e 65 78 65 00 ec 5c 7d 60 53 d5 15 7f 49 d3 36 6d 03 09 d0 4a 41 90 82 45 51 50 2b a1 48 69 ab 2d 92 52 37 cb 52 23 09 95 16 70 4a 17 33 37 19 be 07 4c 29 96 bd 76 23 3c b2 b1 4d 37 b7 39 87 c3 6d 6c d3 c9 36 27 55 10 02 65 fd 10 a6 85 22 54 61 b3 38 d0 1b 53 a5 6a 57 52 2c bc fd ce bd 2f 29 e0 3e ff da 3f ab 92 fb 75 ee b9 e7 7e 9d 73 ee 39 f7 be 8a bb 96 4a 26 49 92 2c f8 a7 eb 92 d4 24 89 bf 12 e9 df ff b5 e1 df f0 09 2f 0d 97 9e 4f fb d3 c4 26 d3 ed 7f 9a 78 c7 b2 af 28 f7 ad 58 96 e3 bb ef cb f7 3e b0 ea c1 61 e9 b9 b6 69 77 d5 97 57 cc e8 8c ff 2b cd df de 59 c1 c3 5f 74 56 f1 bc fc ce cd 08 af 2e fc 55 67 25 0f 9f ec b4 f0 f0 27 9d 97 f3 f0 37 9d Data Ascii: oeESCAIXA_JUSTIFICANTEPAG0.exe\}`SI6mJAEQP+Hi-R7R#pJ37L)v#<M79ml6'Ue"Ta8SjWR,/)>?u~s9J&I,$/O&x(X>aiwW+Y_tV.Ug%'7
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: ff 63 f1 b8 e9 75 a6 2a a4 04 50 22 29 da e1 41 e8 8a 8f a1 d2 90 f9 21 29 59 89 fd 94 5b 28 44 16 67 ba e1 6f 4e 78 23 c9 39 fb 56 84 57 7a 94 61 3a f7 74 45 80 2d 2c 6f 82 88 2d 11 53 35 8d dc fb d7 07 ab 42 b9 fc 0a 94 4d e2 2e 87 f0 24 f3 6c 1f f9 e6 c8 39 f3 c2 00 64 08 c4 97 42 68 1b 5f 6a e3 fb 3e c5 86 1e b2 54 f1 fd c0 3f 88 01 1c 19 f3 1c c9 c4 1a 26 7b 11 3c cd 69 67 38 16 c3 31 79 5a f2 4a 06 84 a0 e1 76 a0 cd 1c a9 d1 a6 02 db 00 e3 48 01 30 b5 31 14 0b 4a 75 36 a6 3b c9 7c 5e cf 5f dd 60 83 31 20 60 af 0a 71 ec 8d f8 b9 2b 49 97 80 fe 5f 19 34 1a 55 69 ea 6c 78 27 32 6b 15 09 98 5f 20 71 83 7f 7c c2 b1 4a d2 d5 8b cf 87 75 16 fe d2 97 b3 50 56 38 87 38 3b 3e 7d 1e cb 88 fb 73 63 95 f6 a7 21 ca ce a8 64 2f c7 fd ce d8 f5 14 68 8b 5d fb f0 0a Data Ascii: cu*P")A!)Y[(DgoNx#9VWza:tE-,o-S5BM.$l9dBh_j>T?&{<ig81yZJvH01Ju6;\|^_`1 `q+I_4Uilx'2k_ q\|JuPV88;>}sc!d/h]
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: 18 b3 58 90 f2 e7 54 4b d4 5e 37 da a3 d6 9e 55 3b b6 a8 1d 7f 54 3b 1e 55 3b 1e 57 3b 7e aa 76 6c 82 4a a6 da f1 34 89 be 6e 41 fb 73 42 55 8f 7a 40 69 c0 0d ce 1f c8 f6 c3 87 ce 50 c7 cf e3 8e 71 c5 9a 3f 2a 6a 7e 60 09 68 1f cb 86 e5 e4 e3 fc 75 cb 86 25 f8 a5 af 55 47 88 ec 5e e4 21 12 fc 98 c6 3b e9 0b 31 92 93 b6 8d 55 e7 2d d1 c6 e3 fc f4 b5 65 8a 24 2d 8e 33 06 14 45 fb c4 d2 8e c7 03 13 7c 6d e3 f4 f4 a3 c7 38 9f 88 28 f3 41 81 e0 11 95 57 0b 40 ea 44 49 f8 ff 2f a0 1a 49 2d 94 94 43 61 27 66 8f bc 98 81 62 df fc 17 47 28 9c 54 97 0a dd 32 90 82 63 37 2e 34 d0 46 01 1d ed 1f 5b 5a 13 b3 6c fc 17 1e f9 ad 81 5c 7d c5 5a d4 87 69 9d eb 60 59 48 32 70 ed a0 46 a3 83 39 96 65 63 79 06 ca 8c 5f d7 41 73 00 f2 71 36 5e c9 6c 68 eb a9 60 2c db b2 f1 5a Data Ascii: XTK^7U;T;U;W;~vlJ4nAsBUz@iPq?*j~`hu%UG^!;1U-e$-3E\|m8(AW@DI/I-Ca'fbG(T2c7.4F[Zl\}Zi`YH2pF9ecy_Asq6^lh`,Z
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: f3 05 34 ce ff 56 94 f9 ac 56 ef 9e 89 0e 86 62 73 ff b5 db e4 0b 49 e6 63 e6 bc 78 b3 5f cb cc 73 1c 8e 76 a3 1c 40 6d f8 82 a1 cf 82 24 e9 76 ff 60 74 8a 5f 66 b5 90 aa 56 ad e0 3a 05 a0 dc 94 e0 61 af a3 0e a5 3d df 40 45 79 04 84 42 84 d4 cf c6 80 a1 b1 0d b0 2f 66 d0 7f a9 9b 54 2b 8e 3e 13 8d e1 e8 de 72 12 ad 09 f3 ce aa 16 d8 1a 4e 38 ea 7f 46 fc 8f 63 71 96 e1 c0 79 4b a5 ed 26 86 10 6e 04 f2 a6 bc e4 38 e4 74 1c 7d 7c 02 25 26 16 db e9 d7 8c db 69 e3 26 13 b2 f5 4f f4 62 4f 49 59 d3 8b 73 84 34 1c 74 48 a7 84 d2 c0 3e 0f fb 01 42 54 d2 81 6f 86 c4 66 31 a1 2b c7 73 fd 99 7d 64 f0 27 17 98 66 87 bc 0f c5 72 13 bb 36 24 b1 d1 10 95 c3 49 c2 39 c6 68 82 25 01 f1 d4 37 a0 04 94 1b a9 be f4 66 0f e9 c9 27 a9 da 4a 55 a3 40 da ae 34 5e 11 57 db 16 27 Data Ascii: 4VVbsIcx_sv@m$v`t_fV:a=@EyB/fT+>rN8FcqyK&n8t}\|%&i&ObOIYs4tH>BTof1+s}d'fr6$I9h%7f'JU@4^W'
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: 13 98 d5 3b 35 de 0a 8d 7b 3f 23 65 b8 77 33 33 cb fd 0e 33 b3 dd 6f 30 53 e7 fe 3d 33 f3 dd 2f 31 73 a6 fb 59 66 ce 76 ff 94 99 f3 dc ab 99 69 70 ff 98 99 a5 ee 47 98 69 76 2f 62 a6 d5 6d 61 a6 e4 2e 61 66 a5 fb 3e 66 2e 76 17 ca 2a b0 b3 d7 ee c9 44 fd d3 32 42 27 30 94 ad 5a 26 33 74 15 a1 03 18 ba 86 d0 be 0c 65 6b d6 d7 33 74 2d a1 9d 18 ba 8e d0 8b 7f 20 74 3d a1 ad 0c 7d 81 d0 13 0c 7d 99 d0 4f 81 fa 8e 3c 11 ca 0f 26 bd cb d0 9d 84 be c9 d0 3d ec 92 0c 86 be 4f e8 0b 40 99 ca 07 c8 f6 34 73 d8 4c a8 93 a1 47 08 5d c2 d0 a3 84 3a 18 ea 22 74 01 43 eb 09 bd 8f a1 6e 42 f3 19 da c4 e2 cf d0 8f 58 fc 19 da c2 e2 cf d0 b3 2c fe 0c 3d cf e2 cf d0 8b 2c fe 0c 15 c2 28 fe 0c 55 13 7a 71 23 a1 51 61 14 ff 8d b2 ca 31 64 fb 92 39 c4 11 7a 84 a1 f1 84 ee 63 Data Ascii: ;5{?#ew333o0S=3/1sYfvipGiv/bma.af>f.v*D2B'0Z&3tek3t- t=}}O<&=O@4sLG]:"tCnBX,=,(Uzq#Qa1d9zc
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: cf 52 a0 5d a7 c8 05 17 99 f0 0b ef 4c d2 f2 4b 25 89 e6 1b 55 d2 dd 78 a2 62 f1 b8 5a e6 e3 15 6d 97 45 53 9e aa aa 5c 54 e8 e5 38 cb d7 e7 ef e5 f3 5c 8c e7 f5 45 cb 3c ac 8f 32 77 76 4b 3f ee 20 73 63 a9 b2 77 a6 db 64 6f b1 be f1 22 bd a0 fb ec a9 81 95 a8 e5 65 85 ab ba 02 46 6a 7e fb bb 0b ae ad 17 5a cf f0 3c f7 51 15 d8 43 7c fe fc d9 88 67 88 89 89 91 d1 79 65 f2 92 f1 f0 ce c6 c2 d8 fc 60 65 95 8a 50 4e e1 12 aa 65 3c e1 d4 75 36 72 12 15 f7 b5 a3 32 e2 74 f4 0b 2a 8e f3 22 d7 c8 52 39 bb f6 44 74 ee af 64 33 56 3c 2e a7 a3 b9 af 98 71 cb cf 90 62 6e 3b f3 e5 43 ed 34 cf 93 93 13 e1 cf 76 3e 4e ce 2d ad 7e a3 1e 3f ff 4b f7 79 71 2e e1 b5 8f 7b 3d 93 0b 1e 73 03 f8 f4 31 4c ea c1 74 07 42 67 4f 3b 9c 15 15 95 74 b0 b6 7e 15 d6 97 fa 9e f4 ee c1 Data Ascii: R]LK%UxbZmES\T8\E<2wvK? scwdo"eFj~Z<QC\|gye`ePNe<u6r2t*"R9Dtd3V<.qbn;C4v>N-~?Kyq.{=s1LtBgO;t~
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: 02 5f 96 ad e4 bc 96 52 a9 81 92 c1 47 fa 6b 27 1f fe db 5b d4 93 5b 9d e4 22 8e 1c b5 ac 98 d3 3c ec 13 1e ce 98 d3 fa 8c d7 8e b0 87 2b 7d 2f ee 8c d1 ac 41 07 ed b4 03 d2 02 a4 72 40 e9 12 e5 85 1e 45 37 2a f4 16 97 aa a4 2e 10 f6 4d 24 55 69 db 02 68 63 06 47 ea 54 0e 45 d5 71 3c 04 15 c3 a4 de e9 8e ce 38 df 1b a5 a5 4e 8b 38 37 c0 f5 64 6f e6 91 cb db d1 c8 f1 a3 da 27 b4 b1 b6 29 94 e6 dc dc 9a 45 57 a3 44 f9 67 44 cf c8 37 a9 a3 ea f3 84 47 eb 4a 91 9e ea b4 06 2d d1 16 92 ba 93 9c 41 42 af 35 6c 64 fa c5 b4 2b 41 39 2e 14 fa 26 9c 97 78 f2 17 58 d4 9e 57 3a e0 6c a6 99 fd 31 59 a1 f5 34 5e bd ca 78 72 91 36 66 9c 75 38 33 d3 4e ce 5b 14 c3 dd a4 56 fd 62 17 db 53 98 d7 29 70 dd 60 51 75 10 df 57 fa 54 88 cb 71 6c c5 55 93 d2 04 67 52 35 79 8b a0 Data Ascii: _RGk'[["<+}/Ar@E7*.M$UihcGTEq<8N87do')EWDgD7GJ-AB5ld+A9.&xXW:l1Y4^xr6fu83N[VbS)p`QuWTqlUgR5y
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: 41 6a c1 ea d6 43 a2 a0 c7 d0 9f f6 30 26 06 04 ad b9 e4 df d2 89 3c 52 1e 2b e7 87 68 46 35 4c de 6a ac 3e f2 44 e5 4f 21 47 c5 28 a3 35 23 f0 89 03 69 c5 2b 60 31 b7 1a 46 ac 11 52 eb 75 1d 62 14 62 cd 4a 70 90 3b bc 05 a1 b8 44 c2 41 62 47 95 32 01 34 08 cb bb 35 23 f9 b9 1e 59 73 3d 1f cd 9a 66 90 8f 03 2c 69 9e 04 1a 07 f7 88 80 2b fe 3a cb 55 a1 82 cf 7c 94 2a 98 a2 43 a4 c6 5c 5b d5 f3 37 1d 41 11 0b 97 0a e5 c5 30 e8 ce 9d 86 8e 19 0e 6b df 61 69 39 06 6f 3d 61 21 7a 82 0a 96 9b ff dc 85 c2 2e ef b8 68 18 33 48 20 8a b7 88 50 84 86 28 a3 a5 7f 7b 6f 88 d5 4f 03 b5 b2 72 8b b4 b2 fa 7d 2f 56 56 3f 45 64 35 e5 8f bb fe de 91 ad 2e fa 27 3b 1c 23 95 21 53 d4 7f 7c 6f fd c7 97 72 ab 56 a3 b4 52 c4 b6 4e 02 a0 65 9a cf 88 58 ff 69 71 8e 1e 4a 7b c0 15 Data Ascii: AjC0&<R+hF5Lj>DO!G(5#i+`1FRubbJp;DAbG245#Ys=f,i+:U\|*C\[7A0kai9o=a!z.h3H P({oOr}/VV?Ed5.';#!S\|orVRNeXiqJ{
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: 05 50 cc a9 6b 39 d1 bb 70 cd e5 f0 c8 4f be 0d a1 ff 80 34 5c 83 7f 62 40 a5 ad c7 67 49 9f 08 1b 19 43 0e 83 94 9d 22 95 f0 6b 9a 4f 19 7d c2 b1 e3 ea 4e b5 b6 65 fc 3f a6 4e 99 0d a6 31 b6 71 e2 50 7e e7 99 38 9f 75 80 be 0c ba 89 0e 35 52 a2 d6 91 07 26 53 0c 0a 37 d2 8c 3a fa 32 87 cf b2 7a a1 8e 8c a3 a0 bd d0 62 c7 64 4e 89 08 ae dd 93 b8 31 16 3a dd 47 84 37 f0 22 00 a6 0c 85 6b d6 b8 0b 99 a2 5e 7a 35 3d aa bc d2 e3 db 34 69 de 21 99 ab c2 5e 02 29 48 69 ac b8 df 27 fd de e5 87 5e 89 c5 b7 b6 06 01 9f 81 16 c9 0a 69 e9 71 d4 9d f1 1e ea 80 1f bc d5 01 97 69 21 84 d2 d3 73 6c 1b c7 4a ae 2b 65 c3 65 55 0d b4 8e 0e b9 80 fb ec 78 d5 c6 23 eb 01 2e 0a 04 57 7b 04 a7 18 5d 4a 0b bc fd b2 e0 b8 3f eb 4d bf dd 68 e0 c2 c5 59 2f df a9 e4 f8 c4 fb 38 9c Data Ascii: Pk9pO4\b@gIC"kO}Ne?N1qP~8u5R&S7:2zbdN1:G7"k^z5=4i!^)Hi'^iqi!slJ+eeUx#.W{]J?MhY/8
2024-01-23 18:14:49 UTC	16384	IN	Data Raw: 52 8d 1f 15 58 4c eb cc 30 1a 67 a0 bd 27 74 a8 89 42 a9 0e 82 6c 1c 0c 3e 02 1c 18 e9 4d 0c 3d 0b 63 8d 83 49 66 6d f8 96 b9 47 ec 31 5c d9 66 3c b3 d0 3a 8f d5 c4 95 2e 47 72 33 11 0d d6 ad 43 f0 d4 e5 29 46 64 ab 18 4c 79 48 d9 3a 3c 8b 87 c5 87 4e 37 9b 65 5a c5 73 6a 0f 37 e0 72 53 67 ff 85 ff 84 a8 10 e0 79 a8 23 d4 fc 3a 2b 96 f3 ea d0 58 ad 32 34 35 a5 b8 20 7b 8c a7 52 74 6a d4 57 e2 fb a8 a5 90 d8 84 34 05 05 18 40 b5 fb 3e 0b 1d 88 24 e6 2e f8 6d 2f 1f b5 d0 30 72 73 b2 49 3f 95 4e 22 c7 7a fa a2 6e 82 1c d6 b4 98 46 02 51 e9 ba 54 c8 50 41 2b a8 99 cd 72 bd 3c de 9f a7 6c 2a de 8d 4e 74 ae 23 92 a1 fe ad 1b 11 2d b6 63 94 77 d7 15 3f 17 53 7c 9c f8 49 51 a9 51 78 a4 af 23 69 92 6a 10 50 01 d7 e0 67 68 21 ca 9a 22 1b 1f 2a d3 c7 37 61 3f 04 bf Data Ascii: RXL0g'tBl>M=cIfmG1\f<:.Gr3C)FdLyH:<N7eZsj7rSgy#:+X245 {RtjW4@>$.m/0rsI?N"znFQTPA+r<lNt#-cw?S\|IQQx#ijPgh!"7a?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49727	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-01-23 18:15:04 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yb54FxG4Os1pzfV&MD=HRYWcu98 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-01-23 18:15:04 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 5d594a52-2c4f-4140-a50a-a4f9efe13945 MS-RequestId: d22e85ce-856d-4d31-98be-67a85cedeb91 MS-CV: OP/+BeA9LUifgVqb.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 23 Jan 2024 18:15:03 GMT Connection: close Content-Length: 24490
2024-01-23 18:15:04 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-01-23 18:15:04 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.16	49726	23.1.237.25	443

Timestamp	Bytes transferred	Direction	Data
2024-01-23 18:15:04 UTC	2273	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 608 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1696584863&IPMH=5e4190f4&IPMID=1696585056345&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-23 18:15:04 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-01-23 18:15:04 UTC	607	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 35 30 34 37 45 35 39 34 32 42 42 32 34 36 30 45 41 33 35 42 35 33 43 43 46 37 38 44 44 42 33 44 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 36 34 38 31 41 46 33 32 31 31 46 30 34 33 44 41 39 30 30 39 46 46 31 30 39 32 45 43 36 45 36 46 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>5047E5942BB2460EA35B53CCF78DDB3D</CID><Events><E><T>Event.ClientInst</T><IG>6481AF3211F043DA9009FF1092EC6E6F</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-01-23 18:15:05 UTC	476	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: DEE53A4EF2614389AE46AA13DBC97EB8 Ref B: CO1EDGE2413 Ref C: 2024-01-23T18:15:04Z Date: Tue, 23 Jan 2024 18:15:04 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706033704.31d52f28

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49729	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-01-23 18:15:41 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yb54FxG4Os1pzfV&MD=HRYWcu98 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-01-23 18:15:42 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 6bb6346b-fa48-484f-bfc7-43259e411c93 MS-RequestId: e2e340c3-6c7b-4aa2-b685-40997929209f MS-CV: gxVW7zY4/0eEhnps.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 23 Jan 2024 18:15:41 GMT Connection: close Content-Length: 25457
2024-01-23 18:15:42 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-01-23 18:15:42 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49732	142.250.9.100	443	2604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-01-23 18:16:17 UTC	449	OUT	GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000ECA0978CB6 HTTP/1.1 Host: clients1.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br
2024-01-23 18:16:18 UTC	817	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-9nAC91JWXJdm_gZmgXry5Q' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1 Content-Security-Policy: script-src 'report-sample' 'nonce-DNlsY7keXabll0qmZI1ITA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1 Content-Type: text/plain; charset=utf-8 Content-Length: 220 Date: Tue, 23 Jan 2024 18:16:18 GMT Expires: Tue, 23 Jan 2024 18:16:18 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-01-23 18:16:18 UTC	220	IN	Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 64 36 39 64 62 32 35 38 0a Data Ascii: rlzC1: 1C1ONGR_enUS1094rlzC2: 1C2ONGR_enUS1094rlzC7: 1C7ONGR_enUS1094dcc: set_dcc: C1:1C1ONGR_enUS1094,C2:1C2ONGR_enUS1094,C7:1C7ONGR_enUS1094events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: d69db258

Target ID:	0
Start time:	19:14:45
Start date:	23/01/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0
Imagebase:	0x7ff71e7f0000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	19:14:46
Start date:	23/01/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1988,i,7041122785925170672,15351710514814994196,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff71e7f0000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:14:55
Start date:	23/01/2024
Path:	C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\OpenWith.exe -Embedding
Imagebase:	0x7ff67aeb0000
File size:	123'984 bytes
MD5 hash:	E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	19:15:03
Start date:	23/01/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff7d3c70000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	19:15:24
Start date:	23/01/2024
Path:	C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\7-Zip\7zG.exe" "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz
Imagebase:	0x7f0000
File size:	700'416 bytes
MD5 hash:	50F289DF0C19484E970849AAC4E6F977
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	19:15:32
Start date:	23/01/2024
Path:	C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\7-Zip\7zG.exe" "C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe.gz
Imagebase:	0x7f0000
File size:	700'416 bytes
MD5 hash:	50F289DF0C19484E970849AAC4E6F977
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	19:15:42
Start date:	23/01/2024
Path:	C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\" -spe -an -ai#7zMap20987:114:7zEvent26426
Imagebase:	0x7f0000
File size:	700'416 bytes
MD5 hash:	50F289DF0C19484E970849AAC4E6F977
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	19:16:05
Start date:	23/01/2024
Path:	C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Downloads\ESCAIXA_JUSTIFICANTEPAG0.exe\ESCAIXA_JUSTIFICANTEPAG0.exe"
Imagebase:	0x70000
File size:	691'217'025 bytes
MD5 hash:	DE7B0B12B76A57A70A091974077659DA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	19:16:05
Start date:	23/01/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecdf0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	19:16:07
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k cmd < Blocks & exit
Imagebase:	0x960000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	19:16:07
Start date:	23/01/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecdf0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	19:16:07
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd
Imagebase:	0x960000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	19:16:08
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xf20000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	19:16:08
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
Imagebase:	0x9f0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	19:16:09
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xf20000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	19:16:09
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "wrsa.exe"
Imagebase:	0x9f0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	19:16:10
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c mkdir 5870
Imagebase:	0x960000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	19:16:10
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b President + Reduce + Evening + Span + Routing 5870\Si.pif
Imagebase:	0x960000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	19:16:10
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b Facility + Estonia + Mi + Mauritius + Gui 5870\s
Imagebase:	0x960000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	19:16:11
Start date:	23/01/2024
Path:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif
Wow64 process (32bit):	false
Commandline:	5870\Si.pif 5870\s
Imagebase:	0x7ff690ca0000
File size:	1'071'200 bytes
MD5 hash:	BFA84DBDE0DF8F1CAD3E179BD46A6E34
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	19:16:11
Start date:	23/01/2024
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping -n 5 localhost
Imagebase:	0xff0000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	19:16:25
Start date:	23/01/2024
Path:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe
Imagebase:	0x1d1aaf10000
File size:	65'168 bytes
MD5 hash:	A4EB36BAE72C5CB7392F2B85609D4A7E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001C.00000002.2969464697.000001D1BE16A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001C.00000002.3019444593.000001D1C5470000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001C.00000002.3023454296.000001D1C5610000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001C.00000002.2969464697.000001D1BDADC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001C.00000002.2953242285.000001D1ACBF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.9%
Dynamic/Decrypted Code Coverage:	0.4%
Signature Coverage:	9.2%
Total number of Nodes:	1440
Total number of Limit Nodes:	179

Executed Functions

Function 00007FFDC4318710 Relevance: 13.6, Strings: 10, Instructions: 1132COMMON

Download Yara Rule

Strings

too many references to "%s": max 65535, xrefs: 00007FFDC4318C6D
%s.%s.%s, xrefs: 00007FFDC4319616
access to view "%s" prohibited, xrefs: 00007FFDC4318A66
'%s' is not a function, xrefs: 00007FFDC4318C56
no tables specified, xrefs: 00007FFDC43197DA
too many columns in result set, xrefs: 00007FFDC4319858
no such table: %s, xrefs: 00007FFDC43197BD
..%s, xrefs: 00007FFDC4318FE0
unsafe use of virtual table "%s", xrefs: 00007FFDC4318AB3
%s.%s, xrefs: 00007FFDC43196B3

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: %s.%s$%s.%s.%s$'%s' is not a function$..%s$access to view "%s" prohibited$no such table: %s$no tables specified$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
API String ID: 0-2044163489
Opcode ID: 33013d6009c3d843382109cb3f8e31adffb086848b553c5625b52e1512bb21b2
Instruction ID: b4c55e38cc6aeee49a74aa023764ea684989461a297a8e930da3595608785ec8
Opcode Fuzzy Hash: 33013d6009c3d843382109cb3f8e31adffb086848b553c5625b52e1512bb21b2
Instruction Fuzzy Hash: 1EB2BF32B49B8286EB649F1590A03B977A0FB87B98F148235DE9D47784DF3DE461C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E721968 Relevance: 8.0, Strings: 5, Instructions: 1712
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.M_L, xrefs: 00007FFD5E72F7D3
`5|^, xrefs: 00007FFD5E72EA41
p!|^, xrefs: 00007FFD5E72E6CB
X|^, xrefs: 00007FFD5E72EA7C
'|^, xrefs: 00007FFD5E72E794

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID: .M_L$X|^$`5|^$p!|^$'|^
API String ID: 0-4185306508
Opcode ID: 96059bc52fbd3ab2b9fe6c2c4b6846a907a084b0bea8872351ee4d02e93eb89d
Instruction ID: ca107dd6b2e8849cd6eebf442add79b63505cc4b48fff0d65428ef69c65047e4
Opcode Fuzzy Hash: 96059bc52fbd3ab2b9fe6c2c4b6846a907a084b0bea8872351ee4d02e93eb89d
Instruction Fuzzy Hash: 67C2E631B09A4A4FEB9AEF2CC425778B7A1EF99340F5841BAD44DC72C3DE25AC468741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D1C94 Relevance: 4.7, Strings: 2, Instructions: 2198COMMON

Download Yara Rule

Strings

H, xrefs: 00007FFD5E7D1EF9
H, xrefs: 00007FFD5E7D2EFE

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID: H$H
API String ID: 0-136785262
Opcode ID: f5f8ee3f0cc0e966815ce21bb5dbb6e7e56925c0246d131707101fd4fe70a5a0
Instruction ID: f8f60b3553cc123dae3cd49a61e155396ac206ffa0e8ee4e0915ef2b300b528d
Opcode Fuzzy Hash: f5f8ee3f0cc0e966815ce21bb5dbb6e7e56925c0246d131707101fd4fe70a5a0
Instruction Fuzzy Hash: A8D2A412B18E8A0FF7E9B62C867523967C2EFD8610B5D157AD45DC32DAED28EC0B4341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4255A3C Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE ref: 00007FFDC4255A52
GetVersion.KERNEL32 ref: 00007FFDC4255A64
HeapSetInformation.KERNEL32 ref: 00007FFDC4255A82

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: Heap$CreateInformationVersion
String ID:
API String ID: 3563531100-0
Opcode ID: e5299c10ea7c8343c2316a9fbe2f098d67af93aca46015610c7a7b0b4a9e02cb
Instruction ID: 5d07026300dd2d566e9ac6699d8a34e9ec6b93f99e6fc4aa0907dfb859d18184
Opcode Fuzzy Hash: e5299c10ea7c8343c2316a9fbe2f098d67af93aca46015610c7a7b0b4a9e02cb
Instruction Fuzzy Hash: 15E06534B9A65282F7847FA1A4E777A3260BFCA758F900434D50D427D4DE3CA4858780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E8A2088 Relevance: 4.5, Strings: 1, Instructions: 3221COMMON

Download Yara Rule

Strings

5_H, xrefs: 00007FFD5E8A407E

Memory Dump Source

Source File: 0000001C.00000002.3041073347.00007FFD5E890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e890000_RegAsm.jbxd

Similarity

API ID:
String ID: 5_H
API String ID: 0-1289465396
Opcode ID: 1a9d2fcd769ed6a464fe69779300b34b65a7d1e81fd334a4795f68eed0237a80
Instruction ID: 1f5000af4b436ccd13d5fdd24ae43d188da760e21a43555449afb9a6a63d598a
Opcode Fuzzy Hash: 1a9d2fcd769ed6a464fe69779300b34b65a7d1e81fd334a4795f68eed0237a80
Instruction Fuzzy Hash: 3533D530B18A498FEB99EF2C84657B97BE1FF99340F5941B9D40DCB292DE34AC428750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4327880 Relevance: 4.2, Strings: 3, Instructions: 478COMMON

Download Yara Rule

Strings

immutable, xrefs: 00007FFDC4327D5D
-journal, xrefs: 00007FFDC4327BAD
nolock, xrefs: 00007FFDC4327CFD

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: -journal$immutable$nolock
API String ID: 0-4201244970
Opcode ID: 9601c1c168edc6a48139eb5135c42d1e22fa32dfadb8790caa0950d6aac56608
Instruction ID: 883f27305d1bd01bb0134983789712d7375bc94421929b2191ad3f556e1a3eac
Opcode Fuzzy Hash: 9601c1c168edc6a48139eb5135c42d1e22fa32dfadb8790caa0950d6aac56608
Instruction Fuzzy Hash: F212E322F0978256EB669F2595A5379B690FB827A8F044235DF6D07BC2DF3CE461C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC432B540 Relevance: 1.8, Strings: 1, Instructions: 544COMMON

Download Yara Rule

Strings

:memory:, xrefs: 00007FFDC432B5AC

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: :memory:
API String ID: 0-2920599690
Opcode ID: 0dc1f0f9668f7fe873f63bc9e42a2656b38e3c7294fa94db0d37e1ce8d1472df
Instruction ID: ccdd3cc951591b7319010ff3aac368a08d66f51b7620643edb2a1ffa8e7df612
Opcode Fuzzy Hash: 0dc1f0f9668f7fe873f63bc9e42a2656b38e3c7294fa94db0d37e1ce8d1472df
Instruction Fuzzy Hash: B5328222B4978386EB75AF15A4A433A7BA5FFC6B88F144135DA4E07796DF3CE4418380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC430CDA0 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE ref: 00007FFDC430CDDE

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 9ee647d153d26e60f7f68d90e657a5dd40dfc6347e32f65f0492779945e09036
Instruction ID: 8f4e3d1408ac360bb9c0cf72f874b813d810828ce855d506ebcfcacc66b91a6a
Opcode Fuzzy Hash: 9ee647d153d26e60f7f68d90e657a5dd40dfc6347e32f65f0492779945e09036
Instruction Fuzzy Hash: FB61FA21F8EB4382FA58BF15B8F517A62A5AFC7788F440535C95E473A5EF6CA41283C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E89F300 Relevance: 1.6, Strings: 1, Instructions: 327COMMON

Download Yara Rule

Strings

/6_L, xrefs: 00007FFD5E89F584

Memory Dump Source

Source File: 0000001C.00000002.3041073347.00007FFD5E890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e890000_RegAsm.jbxd

Similarity

API ID:
String ID: /6_L
API String ID: 0-3149575542
Opcode ID: e0b3dfaf779a9a16529477de7e3e08323586b8ad57e684c35c084dc68b7ad787
Instruction ID: a24a38491bfc248505e0ffc6d2b483a3bac444dd7833f796353b73e4c782391c
Opcode Fuzzy Hash: e0b3dfaf779a9a16529477de7e3e08323586b8ad57e684c35c084dc68b7ad787
Instruction Fuzzy Hash: A9913622B1CA165BE358EF6DA4151FA7BE0EF88320B14827FD149C7193EE24A8478384

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E8AC88D Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

{5_^, xrefs: 00007FFD5E8AC8D1

Memory Dump Source

Source File: 0000001C.00000002.3041073347.00007FFD5E890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e890000_RegAsm.jbxd

Similarity

API ID:
String ID: {5_^
API String ID: 0-237691538
Opcode ID: 9e4555e574b8dd0467dabe60be8c5c58fba5255c7925635f5fd474e3b2590d33
Instruction ID: c11605df9cf47b83c04f5c16939b38ad5ae0bdaeafedce6e627ae8c8c9b4dfcd
Opcode Fuzzy Hash: 9e4555e574b8dd0467dabe60be8c5c58fba5255c7925635f5fd474e3b2590d33
Instruction Fuzzy Hash: 31910547B0E5C35BF658AB6C793807E1FA0DFC9734B1C45BBD1984E1C7ED09A8428296

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E8A55C1 Relevance: .6, Instructions: 566COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3041073347.00007FFD5E890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e890000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e435af02ece7dddb1004ba4cf03b543ce52805fd7a8c887cacfec8f4beccb82e
Instruction ID: d862d90333d3600bb075b00a5c33beae6fca263e80909408c0b43776ca4f343e
Opcode Fuzzy Hash: e435af02ece7dddb1004ba4cf03b543ce52805fd7a8c887cacfec8f4beccb82e
Instruction Fuzzy Hash: B7026071B1894A8FEB88EF1CC4A57A977E2FF98310F584179E44DCB296DE34A846C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D4B0D Relevance: .4, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f878cfb566092d8325baf2c317791818ec0023b3f457fb8a2f9ae4e3b6aec091
Instruction ID: 726b9b062944c6aca5128f7f0c586aa62b5887c4773da89e49906b3ff631fb70
Opcode Fuzzy Hash: f878cfb566092d8325baf2c317791818ec0023b3f457fb8a2f9ae4e3b6aec091
Instruction Fuzzy Hash: FEC19D11B1EA960BE7967768CB753B83AD29F96600F4D04BAD08DCB1D3ED5DAC0A8341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E8A4F5C Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3041073347.00007FFD5E890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e890000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84d22017d73615eb091d6475c41324993d95de12763bc80736f36a9aa6190462
Instruction ID: 44ae4bcd55276f42f157066c5125f427ecbbdf023954bf31880156d53e2af031
Opcode Fuzzy Hash: 84d22017d73615eb091d6475c41324993d95de12763bc80736f36a9aa6190462
Instruction Fuzzy Hash: EC814862B0DB450FE798EB2D44656797BD2EFD9220B4840BFE44DCB293DD29EC468381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D4C64 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e91682977b1541ff11ea384322016a307ab4e084f2cda822f6707cbdb929ab1
Instruction ID: 2275760d65d0c42b8eda78be6879aea195a358041d62114dcd2115f5f113d9d9
Opcode Fuzzy Hash: 5e91682977b1541ff11ea384322016a307ab4e084f2cda822f6707cbdb929ab1
Instruction Fuzzy Hash: AD818B00B2DA9B0BF696B66CCAB53B935C7AF89600F5C447AD14DC72C7EE5CAC0A5341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4254CF0 Relevance: 10.6, APIs: 7, Instructions: 93
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFDC4255A3C: HeapCreate.KERNELBASE ref: 00007FFDC4255A52
Part of subcall function 00007FFDC4255A3C: GetVersion.KERNEL32 ref: 00007FFDC4255A64
Part of subcall function 00007FFDC4255A3C: HeapSetInformation.KERNEL32 ref: 00007FFDC4255A82

_RTC_Initialize.LIBCMT ref: 00007FFDC4254D22
GetCommandLineA.KERNEL32 ref: 00007FFDC4254D27

Part of subcall function 00007FFDC425A52C: GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A545
Part of subcall function 00007FFDC425A52C: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A59C
Part of subcall function 00007FFDC425A52C: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A5D7
Part of subcall function 00007FFDC425A52C: free.LIBCMT ref: 00007FFDC425A5E4
Part of subcall function 00007FFDC425A52C: FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A5EF

Part of subcall function 00007FFDC4259DEC: GetStartupInfoW.KERNEL32 ref: 00007FFDC4259E0D

__setargv.LIBCMT ref: 00007FFDC4254D50
_cinit.LIBCMT ref: 00007FFDC4254D64

Part of subcall function 00007FFDC4257008: FlsFree.KERNEL32(?,?,?,?,00007FFDC4254DCE), ref: 00007FFDC4257017
Part of subcall function 00007FFDC4257008: DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDC4254DCE), ref: 00007FFDC425B957
Part of subcall function 00007FFDC4257008: free.LIBCMT ref: 00007FFDC425B960
Part of subcall function 00007FFDC4257008: DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDC4254DCE), ref: 00007FFDC425B987

Part of subcall function 00007FFDC425A0C0: free.LIBCMT ref: 00007FFDC425A111

Part of subcall function 00007FFDC4256E50: Sleep.KERNEL32(?,?,atan2,00007FFDC425711B,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4256E95

FlsSetValue.KERNEL32 ref: 00007FFDC4254DFE
GetCurrentThreadId.KERNEL32 ref: 00007FFDC4254E12
free.LIBCMT ref: 00007FFDC4254E21

Part of subcall function 00007FFDC4251EB8: HeapFree.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251ECE
Part of subcall function 00007FFDC4251EB8: _errno.LIBCMT ref: 00007FFDC4251ED8
Part of subcall function 00007FFDC4251EB8: GetLastError.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251EE0

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: free$FreeHeap$ByteCharCriticalDeleteEnvironmentMultiSectionStringsWide$CommandCreateCurrentErrorInfoInformationInitializeLastLineSleepStartupThreadValueVersion__setargv_cinit_errno
String ID:
API String ID: 125979975-0
Opcode ID: 848f40d9cbe23c083b1761a4d0fd45ccf31f31135ebea35928701b12c0fba5be
Instruction ID: a881746dd88fa164bd3f9d5cd51d419f365081d070a422043a6acb4585237ba6
Opcode Fuzzy Hash: 848f40d9cbe23c083b1761a4d0fd45ccf31f31135ebea35928701b12c0fba5be
Instruction Fuzzy Hash: CB310620F5E60351FA657FB159F73BAE1949F9332CF204138E85D861D6EE2EB440A2E1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4308200 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 353
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

exclusive, xrefs: 00007FFDC4308334
delayed %dms for lock/sharing conflict at line %d, xrefs: 00007FFDC4308574
winOpen, xrefs: 00007FFDC43085EF
psow, xrefs: 00007FFDC43086C1

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
API String ID: 0-3829269058
Opcode ID: 2f2268d43d4e7084d077935fdab7c9b1e04ee9cf6505ae5a1285bba30b4daee5
Instruction ID: d83738525994876539b59e1c0f842805fa9f6d4dd79c69bae7daadb2208709c8
Opcode Fuzzy Hash: 2f2268d43d4e7084d077935fdab7c9b1e04ee9cf6505ae5a1285bba30b4daee5
Instruction Fuzzy Hash: A6E18D32B4968286FB68AF15A4A037E66A0AFC679CF144635DE5D436D5DF3CE8408B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425A52C Relevance: 9.1, APIs: 6, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A545
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A59C
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A5D7
free.LIBCMT ref: 00007FFDC425A5E4
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A5EF
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFDC4254D39), ref: 00007FFDC425A5FD

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide$free
String ID:
API String ID: 517548149-0
Opcode ID: 966443adac4797360bdb035ac3a5d27af3a8433bcab42d8b72817793535ec649
Instruction ID: 06a511ea5f9129b0fbef5cfd18056c541baa9547149c77e470c00f0927def144
Opcode Fuzzy Hash: 966443adac4797360bdb035ac3a5d27af3a8433bcab42d8b72817793535ec649
Instruction Fuzzy Hash: 65217136F4978185EB609F12A4A2529B7E4FB8ABC8B584034DE4E07794DF3DE450C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC43020E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE ref: 00007FFDC430221D
DeleteFileW.KERNELBASE ref: 00007FFDC4302233

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 00007FFDC43021EA
winDelete, xrefs: 00007FFDC43022A7

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: File$AttributesDelete
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 2910425767-1405699761
Opcode ID: 5882681ec4f1576fe7e39676a35a5b4a4286101b2c4500c958f1ab76965559b2
Instruction ID: e6dfcf7d4499dd4dc2b0c4636c8e964be4cbd5147749979e4cc52cfb04e57ab8
Opcode Fuzzy Hash: 5882681ec4f1576fe7e39676a35a5b4a4286101b2c4500c958f1ab76965559b2
Instruction Fuzzy Hash: 9D515320F8D50341FAACBFA595F513D52A5AFD7798F540A31DA1E826E0CE2CEC4583C9

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42EA9E5 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL ref: 00007FFDC42EAA1F

Strings

HeapAlloc, xrefs: 00007FFDC42EAA3D
failed to %s %u bytes (%lu), heap=%p, xrefs: 00007FFDC42EAA44
HeapReAlloc, xrefs: 00007FFDC42EAA33

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: AllocateHeap
String ID: HeapAlloc$HeapReAlloc$failed to %s %u bytes (%lu), heap=%p
API String ID: 1279760036-2123888023
Opcode ID: 5cfbc5fae8fb24b5ea12ff3a0d9e3db40ff9464fcd844c2021de548cea3137f9
Instruction ID: b00b0c4dda063db3bd2f28f1d66a18a7783bd591afe7bd88b174d3394e5b3bf7
Opcode Fuzzy Hash: 5cfbc5fae8fb24b5ea12ff3a0d9e3db40ff9464fcd844c2021de548cea3137f9
Instruction Fuzzy Hash: AF018024F09B4289EA149F51E8A01A6A360AF96BD8F484531DE4D13B59DE3CE1468780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4302B80 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE ref: 00007FFDC4302C4C

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 00007FFDC4302CFA
winRead, xrefs: 00007FFDC4302CAF

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: FileRead
String ID: delayed %dms for lock/sharing conflict at line %d$winRead
API String ID: 2738559852-1843600136
Opcode ID: 07763e35ff344dc7b74ad69bc5b271a3553db84b9073a29d5bd84de1e272815e
Instruction ID: bf3f2501498ae0fadd29931af6575d67ee83732d004b32ad5df609df121d3da5
Opcode Fuzzy Hash: 07763e35ff344dc7b74ad69bc5b271a3553db84b9073a29d5bd84de1e272815e
Instruction Fuzzy Hash: DC412B32F4864285E764EF15A4D45BAB2A5FB8674CF550236DE4D83790DF3CE882C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4308DD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

Strings

winTruncate1, xrefs: 00007FFDC4308E50
winTruncate2, xrefs: 00007FFDC4308E7F

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: winTruncate1$winTruncate2
API String ID: 0-470713972
Opcode ID: 36561cffbf6985d39782310801adb8db7b8d0d5585a8189615eee4a87b125749
Instruction ID: 6fa5b506ceb0ffb2c340d9a5e50aace430efa9abc4d7b743f30288e856e24180
Opcode Fuzzy Hash: 36561cffbf6985d39782310801adb8db7b8d0d5585a8189615eee4a87b125749
Instruction Fuzzy Hash: EF218221B4961286E754BF15A5A017AA3A1EBC5FD8F140231DE5D877D5DF3CD8418780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425A134 Relevance: 4.6, APIs: 3, Instructions: 81COMMON

Download Yara Rule

APIs

__initmbctable.LIBCMT ref: 00007FFDC425A151
free.LIBCMT ref: 00007FFDC425A203
free.LIBCMT ref: 00007FFDC425A252

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: free$__initmbctable
String ID:
API String ID: 2804101511-0
Opcode ID: 333523a2a299460f369c04aa3334e75de5e02c203dfefab14658383e1383fec8
Instruction ID: 840ee73b63ab0fbc748ca7f19aae36c95d3989929620d9c8ce37748836774a8b
Opcode Fuzzy Hash: 333523a2a299460f369c04aa3334e75de5e02c203dfefab14658383e1383fec8
Instruction Fuzzy Hash: 93319C21F4D64645FB10AF25E8E337AA6A0AF87B9CF088131DA5D47696DF3EE4418380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4255AB4 Relevance: 4.5, APIs: 3, Instructions: 46memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC4255AD7
RtlAllocateHeap.NTDLL(?,?,00000000,00007FFDC4256E83,?,?,atan2,00007FFDC425711B,?,?,7FF0000000000000,00007FFDC4252BC9), ref: 00007FFDC4255B0B
_callnewh.LIBCMT ref: 00007FFDC4255B22

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: AllocateHeap_callnewh_errno
String ID:
API String ID: 638267422-0
Opcode ID: 0f3fb68350e0b75b2c47a46c2cfe2ae52dbe8b586ee5eab47f0d8400e7ffd447
Instruction ID: bbb0b1cd60b5ea5a3a977c26045a172960156e20bdceba4221dd432f81868bf3
Opcode Fuzzy Hash: 0f3fb68350e0b75b2c47a46c2cfe2ae52dbe8b586ee5eab47f0d8400e7ffd447
Instruction Fuzzy Hash: A211A521B0E206C5FB555F91D6E637AF2919F967FCF084630C91D476CCEE6DA4C08280

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4256DD0 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 35sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FFDC4256DFB

Part of subcall function 00007FFDC425BD4C: _FF_MSGBANNER.LIBCMT ref: 00007FFDC425BD7C
Part of subcall function 00007FFDC425BD4C: RtlAllocateHeap.NTDLL(?,?,00000000,00007FFDC4256E00,?,?,atan2,00007FFDC425BA25,?,?,?,00007FFDC425BACF,?,?,00000000,00007FFDC4257089), ref: 00007FFDC425BDA1
Part of subcall function 00007FFDC425BD4C: _callnewh.LIBCMT ref: 00007FFDC425BDBA
Part of subcall function 00007FFDC425BD4C: _errno.LIBCMT ref: 00007FFDC425BDC5
Part of subcall function 00007FFDC425BD4C: _errno.LIBCMT ref: 00007FFDC425BDD0

Sleep.KERNEL32(?,?,atan2,00007FFDC425BA25,?,?,?,00007FFDC425BACF,?,?,00000000,00007FFDC4257089,?,?,00000000,00007FFDC4257140), ref: 00007FFDC4256E0E

Strings

atan2, xrefs: 00007FFDC4256DE3

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$AllocateHeapSleep_callnewhmalloc
String ID: atan2
API String ID: 3606348469-4237371541
Opcode ID: 8b72bec897cf06db0aed771bce606a6ef552090ab20b2ba9d84621500cc1f346
Instruction ID: 8d20a1a02a9cc1bde1a00cceacf59905d090164816e206a9db615198cc47a486
Opcode Fuzzy Hash: 8b72bec897cf06db0aed771bce606a6ef552090ab20b2ba9d84621500cc1f346
Instruction Fuzzy Hash: 1E01D132725B8586EA54AF06D4A1029B7A1EBCAF98F580134EE5D0B780DF39F881C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E8A5FC2 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 218COMMON

Download Yara Rule

Strings

5_^, xrefs: 00007FFD5E8A5FD1

Memory Dump Source

Source File: 0000001C.00000002.3041073347.00007FFD5E890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e890000_RegAsm.jbxd

Similarity

API ID:
String ID: 5_^
API String ID: 0-3087997797
Opcode ID: d33151c49e3d4486d4b187b2bf807dbed3242bccf68aa157ff30e26e179e1fb5
Instruction ID: af1cce3f03a04c864aacf1f1de8cf7b7d0b2fec88e1bce02b406bab92f6bba32
Opcode Fuzzy Hash: d33151c49e3d4486d4b187b2bf807dbed3242bccf68aa157ff30e26e179e1fb5
Instruction Fuzzy Hash: 12515A72A0C7895FEB09EB5C98A55E97FF0EF95320F04027FD089CB193DA2468468785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42EA8C2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE ref: 00007FFDC42EA902

Strings

failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu, xrefs: 00007FFDC42EA919

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: CreateHeap
String ID: failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu
API String ID: 10892065-982776804
Opcode ID: 8f7f8f63d6b3a5464985a7b7eae80e3e70eed1f3c4f8afd96bb32f8d3673a7a6
Instruction ID: 1f7620e3ae4da21487a4a1228b44a440544b0e43179a1817a1f0d9c4a4296c5b
Opcode Fuzzy Hash: 8f7f8f63d6b3a5464985a7b7eae80e3e70eed1f3c4f8afd96bb32f8d3673a7a6
Instruction Fuzzy Hash: E0118236F0975182E7118F14E06132AE3A0EF96798F150035DF4C57B54EF3EE4928B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4302DF0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE ref: 00007FFDC4302E14

Strings

winSeekFile, xrefs: 00007FFDC4302E2D

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: FilePointer
String ID: winSeekFile
API String ID: 973152223-3168307952
Opcode ID: f4f74469be961b1fdc185e50d8d4cf4d60afbb43300ef3ec4046b1d16ea55b6f
Instruction ID: 393214d067c69f3fd9c7d7864ff8a480087eac91dbf79d681b726605e3be37b7
Opcode Fuzzy Hash: f4f74469be961b1fdc185e50d8d4cf4d60afbb43300ef3ec4046b1d16ea55b6f
Instruction Fuzzy Hash: 32F0BBB1F6460187EB109F78A8505A963A0FF89759F940231DF1CC7690DF3CD486C754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42EAAF5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 00007FFDC42EAB11

Strings

failed to HeapAlloc %u bytes (%lu), heap=%p, xrefs: 00007FFDC42EAB25

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: AllocateHeap
String ID: failed to HeapAlloc %u bytes (%lu), heap=%p
API String ID: 1279760036-667713680
Opcode ID: 219f358c2b8566aec01c34844df83dcabdaf35f38fa05e80bb3096063ecf1e32
Instruction ID: 1c458cb556ce516f1e5a5f0a667385c8bb13452c0a7c1a784a54c8004c0a6daf
Opcode Fuzzy Hash: 219f358c2b8566aec01c34844df83dcabdaf35f38fa05e80bb3096063ecf1e32
Instruction Fuzzy Hash: 29F08C25F19A5282EA149F26E49156BA3A1EF9AFCCB044534DE4C17B68EF3CE1438780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42EAA94 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23threadCOMMON

Download Yara Rule

APIs

RtlRestoreThreadPreferredUILanguages.NTDLL ref: 00007FFDC42EAAB1

Strings

failed to HeapFree block %p (%lu), heap=%p, xrefs: 00007FFDC42EAAC1

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: LanguagesPreferredRestoreThread
String ID: failed to HeapFree block %p (%lu), heap=%p
API String ID: 1765668137-4030396798
Opcode ID: 270ef9e2b3add69bf7e38d52260531af0b46dd121fe69f04766ae746de00931a
Instruction ID: 68d433149b72d352291388d1b889e47598f279960298356b55eb78162b558f97
Opcode Fuzzy Hash: 270ef9e2b3add69bf7e38d52260531af0b46dd121fe69f04766ae746de00931a
Instruction Fuzzy Hash: 43E03965B0D68681EB00AF62F99167A6361AF8ABCCF448034DE4CA7765DE3CE1028380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4256E50 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 36sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FFDC4255AB4: _errno.LIBCMT ref: 00007FFDC4255AD7

Sleep.KERNEL32(?,?,atan2,00007FFDC425711B,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4256E95

Strings

atan2, xrefs: 00007FFDC4256E63

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: Sleep_errno
String ID: atan2
API String ID: 1068366078-4237371541
Opcode ID: 33f54d2c2bf0c4e69396414d7d8dce5276b85e2986db5ba3a27f0d8de4f1c814
Instruction ID: d1118ea41401d6e541e838cb1f57c17c4f0a317e550981651ff5f095696c5603
Opcode Fuzzy Hash: 33f54d2c2bf0c4e69396414d7d8dce5276b85e2986db5ba3a27f0d8de4f1c814
Instruction Fuzzy Hash: 7F01DB32715A9186EA549F17D49142DB7A1F7C9FD4B084131DE5D03790CF3DE891CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E74F900 Relevance: 1.7, Strings: 1, Instructions: 458COMMON

Download Yara Rule

Strings

+K_H, xrefs: 00007FFD5E74F982

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID: +K_H
API String ID: 0-1872502075
Opcode ID: 9b163805d32b6ff20c327a8873b2fe4aff069cfbb84edf5935dc3d64e0995448
Instruction ID: 38aef1694b65be94f3a51562079aad2fe38792017c848aaa85c350c32cca995c
Opcode Fuzzy Hash: 9b163805d32b6ff20c327a8873b2fe4aff069cfbb84edf5935dc3d64e0995448
Instruction Fuzzy Hash: BFE1C230708A098FDB49EF2CC469A7977E1FF9A344B5941B9D41ECB2A2DE35AC42C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7211B0 Relevance: 1.6, Strings: 1, Instructions: 354COMMON

Download Yara Rule

Strings

+K_H, xrefs: 00007FFD5E74F982

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID: +K_H
API String ID: 0-1872502075
Opcode ID: ff90128a76192086a74ec6b20a51e72688a2786a122892a0d23c0af64741eb68
Instruction ID: f9735440de7e4fb053eac9409bd4d0fafb5df534044745276b21fafd504569d3
Opcode Fuzzy Hash: ff90128a76192086a74ec6b20a51e72688a2786a122892a0d23c0af64741eb68
Instruction Fuzzy Hash: AEB1D7307089498FDB49EF2CC468AB97BE1EF5A314B5941B9D05DCB2A2DF35AC42C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7211F8 Relevance: 1.6, Strings: 1, Instructions: 320COMMON

Download Yara Rule

Strings

+K_H, xrefs: 00007FFD5E74F982

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID: +K_H
API String ID: 0-1872502075
Opcode ID: f8c45fe5379cfa3f1ba31bc077659600d8749f3760eee0506804bf6e0867a71c
Instruction ID: 107563772703565bc6de74a35e3ab7583d0dba0025cbcc982f4f0ac9b0ae7abd
Opcode Fuzzy Hash: f8c45fe5379cfa3f1ba31bc077659600d8749f3760eee0506804bf6e0867a71c
Instruction Fuzzy Hash: F9A17030709A098FDB89EF2CC469A6977E1FF5A340B5941B9D41ECB2A2DF35AC42C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72C138 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

D~^, xrefs: 00007FFD5E732776

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID: D~^
API String ID: 0-3414850997
Opcode ID: e0c2a9297cba84d0d73ecb1d776776a907d50644d1ab77748a85c823a3bec7a1
Instruction ID: 98a9785e79775591dba5a4be99d2400240a2530569ee5ac3732d82aaf9bae681
Opcode Fuzzy Hash: e0c2a9297cba84d0d73ecb1d776776a907d50644d1ab77748a85c823a3bec7a1
Instruction Fuzzy Hash: 19012522A18ECB0BD6D9BA3C84665B533E1FF5D340758017AD44AC72E6EE2568438341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D43A4 Relevance: .7, Instructions: 654COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62c2f6d21f1b2c57b1149a125ea3b107f447b901aa2dd70c14f89bf423025374
Instruction ID: e13df6d1ec94308ef30628ef808a235d25b047d2db65102bfd61a9c30cc7d0f2
Opcode Fuzzy Hash: 62c2f6d21f1b2c57b1149a125ea3b107f447b901aa2dd70c14f89bf423025374
Instruction Fuzzy Hash: 82025362A0EBD61FE797A624CB751B43BE1EF5225071D00FBC499CF1E3E91D684A8312

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D305D Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e1431b65195fd2fa2198f96510dba333f69ded5007a734956bd5ba1dbc6069
Instruction ID: f01bedf150c5819a514cd1a4d9f7cd7b7d6d54c8f955ee927ba4842dfc5d0223
Opcode Fuzzy Hash: 47e1431b65195fd2fa2198f96510dba333f69ded5007a734956bd5ba1dbc6069
Instruction Fuzzy Hash: 5BD19421F1DD4B2BF6EAB62C877527836C2EFD9660B5D017AD04DC72C6DD1DA80B4281

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720B79 Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45a6f036a8fcd1a23eb6d8b8f612f0a1d23553bb6300471ae19061e029390641
Instruction ID: c4dc97b88465e653ee2b40433062fd83e4250a3f11b3001d02d7161c18be1706
Opcode Fuzzy Hash: 45a6f036a8fcd1a23eb6d8b8f612f0a1d23553bb6300471ae19061e029390641
Instruction Fuzzy Hash: 15B1E972E0DA8A4FE795EF18D8655E97FE1EF99310F1801BAD04AD7282CB2868428751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D40DD Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed44a26c14de8f4fcc9ef5345348318277c1bb969a4dcec688f17b4cd51bb20d
Instruction ID: 0a79502a6dc1ff9e86fde11298be6729e591689f3706eecbc05a6ef8b206e4b7
Opcode Fuzzy Hash: ed44a26c14de8f4fcc9ef5345348318277c1bb969a4dcec688f17b4cd51bb20d
Instruction Fuzzy Hash: 9741A711B1DB8A0FE386B76CC6752B97AD2EF9A610F5D00BBD049C72D3ED59AC0A4341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72156D Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c9e1620ff0e50649093e0b6c20d047dabf3d05fc1768e5f3880f934ade25a28
Instruction ID: c3b7451a78237ae8c5c99508400b0bc6cbf75e31a0734d3912ae89138a92e660
Opcode Fuzzy Hash: 5c9e1620ff0e50649093e0b6c20d047dabf3d05fc1768e5f3880f934ade25a28
Instruction Fuzzy Hash: E6510F31B18A1E8FDB94FB68C5A5ABDB7E1FF59311F5400BAD40ED32A1DE24AC418780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D48E4 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce0d524e71c87061698b67f9615a87e1ffacec18728ead1f7fab1a77da75b7bb
Instruction ID: e05127d435c8538c2c05a2b1e7a4e2cfa302c3951087f0e9b5a68b708cf75139
Opcode Fuzzy Hash: ce0d524e71c87061698b67f9615a87e1ffacec18728ead1f7fab1a77da75b7bb
Instruction Fuzzy Hash: C3419412B1DA9A0FE7A6E32CC6752743AD2EFC621075D01FAD08CCB2D7ED19984A8341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E721505 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08e9204b15ee8d17d6f918e15f79341588f861540939b61b8ea308aa0fef30fa
Instruction ID: 279701f122a89c739619e4e45ddb729998a4121c31f89de99133f928a59d986c
Opcode Fuzzy Hash: 08e9204b15ee8d17d6f918e15f79341588f861540939b61b8ea308aa0fef30fa
Instruction Fuzzy Hash: 3D411331B0D64A4FE315AB28C9647A97BA1EF86314F5D40F7C44ECB2D6DA289C87C390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7209DD Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10274bd77c47389bf1029e21003eb104284ec41829f92ad33531d5203ee5765c
Instruction ID: a6be9ecf76279466dfdbaa5c8b7881f94c106c575089a12b017304034cb15a06
Opcode Fuzzy Hash: 10274bd77c47389bf1029e21003eb104284ec41829f92ad33531d5203ee5765c
Instruction Fuzzy Hash: 4541C021F1D94D0FEB94FB6894796BDBBE1EB99210B48017AE04EC3283DE2858424391

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7219CD Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212ef3a6d371e24454ea3ceac2af6831853cbbebefffd57ae397b536046efcf9
Instruction ID: 3fccb2bd14d98f9c506497b12116afbec10194bbaca877aad64fc1541d10df64
Opcode Fuzzy Hash: 212ef3a6d371e24454ea3ceac2af6831853cbbebefffd57ae397b536046efcf9
Instruction Fuzzy Hash: D8418521E0D3966BE705FB7CD4B51EE7BB0EF06318F1840B6D0888A193EA2869468645

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D28B6 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16512cd234e748a8943113fdb4424980554d68d6cd97020963d23ebca5731852
Instruction ID: 8322fec098895c2c12738f6dd71dd65073cb8839f1d1c5fa69eafa4fe6f72d60
Opcode Fuzzy Hash: 16512cd234e748a8943113fdb4424980554d68d6cd97020963d23ebca5731852
Instruction Fuzzy Hash: 7C317451B18D4A1FF7E9B62C867523936C2EFD8650B5D157AD44DC32D6ED28EC0B8340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D2C5E Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4afae586d06a917316ab032c9d40cc2d43360b6b24ec5ac68bab6257f5b10ac5
Instruction ID: d29dff656d46b17536a4d7e8bbfc46a3f5bde80fa31a92c92382c1523ad2bdd9
Opcode Fuzzy Hash: 4afae586d06a917316ab032c9d40cc2d43360b6b24ec5ac68bab6257f5b10ac5
Instruction Fuzzy Hash: DA315211B18D4A0FF799F62C467523926C2EFD861075D45BAD44EC32D6EE28EC078340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720830 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c214077c5bdb7271b8db479efd2916e4778b57bfd2c91efc75c6694bffec42c8
Instruction ID: c5bdee4409c525e510d52d3ca75cceaa2dad6a3bb0a5a030b4d7516f7edaa3e1
Opcode Fuzzy Hash: c214077c5bdb7271b8db479efd2916e4778b57bfd2c91efc75c6694bffec42c8
Instruction Fuzzy Hash: 02210727B4DA994FC354AB2CE8641EA7BD0EFC6331B4541BBD0CACB152D664684783E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7207D8 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b365a32db1e1ff2f89d8567c2bcec0c6a9b82ce955ac30a12e41a19105723588
Instruction ID: 646e741c1604de3129e259ad6617b111f735b0c527f21aa0c2f913821e6025c4
Opcode Fuzzy Hash: b365a32db1e1ff2f89d8567c2bcec0c6a9b82ce955ac30a12e41a19105723588
Instruction Fuzzy Hash: 9B210B07B4D6AA26D2117A7DF8750EF7B90DF8633474944BBC1C68E093DE48389742E8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D1FE7 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b51e04b281f0d38b92c6e8720db6875a675df2f7aa572a2dd604716d1aeaa0
Instruction ID: 87bd61cb638c45f3f3188885f0e33ce62081320f84e6f69980e56f88139a0a00
Opcode Fuzzy Hash: f8b51e04b281f0d38b92c6e8720db6875a675df2f7aa572a2dd604716d1aeaa0
Instruction Fuzzy Hash: 5F319F11B18E4E0FF6E5B62C967523966C2EFD8600B5D01BAD44EC32D6ED28EC0A8341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7207F8 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19be99d701e793b08252b0a7a0ff501dda781f16895107bc4b1961bf9137e1c
Instruction ID: a09a5fce5114132c8ed6e8aad6dc691cb67635b167c674333f92bbdb85271fa2
Opcode Fuzzy Hash: b19be99d701e793b08252b0a7a0ff501dda781f16895107bc4b1961bf9137e1c
Instruction Fuzzy Hash: 53212B07B4D6AA1AD2117A6DF9750EF7B90DFC233074904BBC1C68E097DE48389742E4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720800 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5549027d7940cbb366352b0505702522833a90d811afb4b140bad5ae692ea91
Instruction ID: 195e340a2d1db1fcdf1c9b451bdfb6d574a332420a2541c0553a027cbe1af86c
Opcode Fuzzy Hash: b5549027d7940cbb366352b0505702522833a90d811afb4b140bad5ae692ea91
Instruction Fuzzy Hash: 87110607B4D6A616D2107A6DFD790EA7B90DF8233074944BBC1CA8E087DA48389742E8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720818 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee6cc1f9dc0f6088cefb0f53a42481355991105d312e0ba988627a0b55d8c4cd
Instruction ID: 2e7b340629c270419dde704d0cec9ca8fa1896ae8c09bcf6693f520490cc4915
Opcode Fuzzy Hash: ee6cc1f9dc0f6088cefb0f53a42481355991105d312e0ba988627a0b55d8c4cd
Instruction Fuzzy Hash: 9B11C647B4D6A61AD6147A6DFD790EA7B90DF8333074944BBC1CB8E087EA48389741F4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720820 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c312ad03b19672ea09ae4c53f1871d51e0c688f9ed3987dcb671d177686ebf19
Instruction ID: c36d41b84e608d4eaf4f5b94e034fceb900c3b1224a5287661a5e757be370ef4
Opcode Fuzzy Hash: c312ad03b19672ea09ae4c53f1871d51e0c688f9ed3987dcb671d177686ebf19
Instruction Fuzzy Hash: 1C11A907B4D5A61AD2107A6DFD750EA7B50DF8333475944B7C1C64E087EA49385741E4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720838 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08e2abc5fd95fba79a702b7632137104346cfd77b16ac39014b1b8d75219fe52
Instruction ID: 3e6e45137cdc23cc4fda8f2d34f4907ee79164f85af90ad85a0df340c30dfe5d
Opcode Fuzzy Hash: 08e2abc5fd95fba79a702b7632137104346cfd77b16ac39014b1b8d75219fe52
Instruction Fuzzy Hash: 2E01B547B8D5A60AD5603A6DED750DA7B90DF8233075904BBC0CA8E087DA49384B82E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720E2F Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7beaf9874d840f10aac014b5c66bb0d6e313e47653233989f2d9897600a2af
Instruction ID: 621dad86398e37254aff913d5b261d002101cd7907f2cd35d38999f9975205b0
Opcode Fuzzy Hash: 2b7beaf9874d840f10aac014b5c66bb0d6e313e47653233989f2d9897600a2af
Instruction Fuzzy Hash: 1911EA31E0864A8B9B48EE58D9A19EDB7B2EF9C305F18016ED45EA3281CB256902C765

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720840 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23ab2a11a602f03aa39cd6c24f144cf5d14c24bfc0d6ff73ea5c746e4f569f7a
Instruction ID: 91e2ae2688a40cd4a348d2c8ce94372ba55d4f46982803265943a8b7b45d6be3
Opcode Fuzzy Hash: 23ab2a11a602f03aa39cd6c24f144cf5d14c24bfc0d6ff73ea5c746e4f569f7a
Instruction Fuzzy Hash: CF018447B4E6954AD661796DE9790DA7F90DF8323075904BBC0CA4E087DA49394A82E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7204F8 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37594e8d1405d470b4b0afccad4b573b275fe2ad8fb0cd554182ca10405b0fc1
Instruction ID: 2c828f04726cd2750ceb42c8e7c12f8dd8d0a8fb7c00e0c427f35cd3ac3127af
Opcode Fuzzy Hash: 37594e8d1405d470b4b0afccad4b573b275fe2ad8fb0cd554182ca10405b0fc1
Instruction Fuzzy Hash: 2A016423F1DA640BE7B09A1DFC561B9F3C0FB85231B5C027BE44DC6358DA29A84342C1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E720848 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e37a776d45771e674d5d1c04d37d8bae819842ac9b8ab86ac714b9604fbe7e2d
Instruction ID: 6b48df46bb9807296262f2c1f876dddb50b911f77dc8e2d9c281e565265e9396
Opcode Fuzzy Hash: e37a776d45771e674d5d1c04d37d8bae819842ac9b8ab86ac714b9604fbe7e2d
Instruction Fuzzy Hash: EE01D607B4E6954AE661796DE9790DB7F90DF8323071904BBC0CA4B083DA49344A82F0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E723E91 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b735e0d0c70d0e0dd5a47f82e9ed0fc7a8fc0ee0afeeb8b7ee0fe8dfa86b525
Instruction ID: c45d7dcdfeadf5a0d693738d981fa3d58ed467aaadc3af71d3da3882683aef4d
Opcode Fuzzy Hash: 0b735e0d0c70d0e0dd5a47f82e9ed0fc7a8fc0ee0afeeb8b7ee0fe8dfa86b525
Instruction Fuzzy Hash: 3B014F20F09A494FE785E728C16527D36E2FF8A380F9D80FA841DC72D6DF299D428350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72203F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 329e5b60a4c7b4d57518a43fd4feeb65f9f2768f6b72b0ad39e8ab7b0ca0194f
Instruction ID: 455eda57a83a053dae0a0c98ee5928a922c336f03f8df08643f9c5efaa82c896
Opcode Fuzzy Hash: 329e5b60a4c7b4d57518a43fd4feeb65f9f2768f6b72b0ad39e8ab7b0ca0194f
Instruction Fuzzy Hash: 56018F31F09A4A8FE745EA18C1642AC33A2FB99340F9D41B6C41DC72D5DF29AD024790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7215B5 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f692144cc3abd760fc16407ce1753f1788103d0f5f913ac8d187ee24783f0b
Instruction ID: 00c76baecb2d4d9cacb425afe7390686faba1ca34b02ba9848c77f86135b23d6
Opcode Fuzzy Hash: f6f692144cc3abd760fc16407ce1753f1788103d0f5f913ac8d187ee24783f0b
Instruction Fuzzy Hash: E0F02831D4DA8217D709FE78A535565BB21AF66200F0C936BC8184B587EE09383C87CA

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7208E6 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb68728c92f319b5ee8685c05fc75b8252dcb91d8af22964f4b7a62be9b12c4e
Instruction ID: 5bda668d532583af26f608b846c37baa9287bfadd7a6ad80a234d95b2acdb5ef
Opcode Fuzzy Hash: fb68728c92f319b5ee8685c05fc75b8252dcb91d8af22964f4b7a62be9b12c4e
Instruction Fuzzy Hash: E4F0D470A08A488FC788DF1CC05966A7BE1EF9D326F55826BE48EC7661C734D9498B02

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72A390 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c581538d819ea1d9a8a6a17cf36be0e79c81f3a719021955730db953e19e4b0
Instruction ID: 729a875011461794b94c8a6bdc475085a5d0ff3baaa87bc59c4897361d5aebdc
Opcode Fuzzy Hash: 6c581538d819ea1d9a8a6a17cf36be0e79c81f3a719021955730db953e19e4b0
Instruction Fuzzy Hash: 0FF05E30609E4E4FEB49EB38C5297B937E1FB8A245B9540AAD40DC7293DE2898858701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E721ACF Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49d87be0d98f970ccb74047999e24514cfd118669efa2a29f77827ec71ad367
Instruction ID: 7804c41dbea6f991fda1c390e076aea6afd88fd3cbb0d3effd38e988c51441f8
Opcode Fuzzy Hash: f49d87be0d98f970ccb74047999e24514cfd118669efa2a29f77827ec71ad367
Instruction Fuzzy Hash: 08F06D30B086468FE749EF68C4646ADBBF0FF15310F5845BAD009C7291EB38A984CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E726AE6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e254ddcd3daab22697f918e4e4f8e13ac23f8b28c0af947463210497f4c1b59
Instruction ID: d0d83729624506bd748ea16e55a0e0693a9d5a2729e176d3de1650c8e7c83ea9
Opcode Fuzzy Hash: 6e254ddcd3daab22697f918e4e4f8e13ac23f8b28c0af947463210497f4c1b59
Instruction Fuzzy Hash: 6FF08230E0EA494FD346E728C0282687AA1FF4A344F9D00FAC41DCB2E7DF685D469755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72C660 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60914c66657604e5daa6f1641339d9b5188cbd661698ececb6ebd33feefe9c20
Instruction ID: 0b0c1a9b08fe5f6aca3bbf1ccc7c6c73913d8345ff6439d6fe77d3a62c78f28b
Opcode Fuzzy Hash: 60914c66657604e5daa6f1641339d9b5188cbd661698ececb6ebd33feefe9c20
Instruction Fuzzy Hash: 28D05E30B20D0D4B9B0CB62D885C430F3D1E7A920279453A9940AC2291ED65ECC5C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72D9A0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6dfb3706854ff237d3f45c34780da04ada77e01c29cac70194b094a646ea43a
Instruction ID: 9df61e2c2997385904c0cfb8c85bcc539989ddc3e811f2793ec47c255f835ee8
Opcode Fuzzy Hash: d6dfb3706854ff237d3f45c34780da04ada77e01c29cac70194b094a646ea43a
Instruction Fuzzy Hash: 58D05E30B10D0D4B8B0CB63D886C434B3D2E7A92027D45369940AC2295ED26ECC68B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7D3CEE Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3038636255.00007FFD5E7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e7d0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257818322b7af5a2d4d708bc93f79d04ea0f5149d3d9d086ca37beab78c12e3d
Instruction ID: a8805cf89a5e149fd3bb2f9330e30240047075eee5a0fe481038d72692c34921
Opcode Fuzzy Hash: 257818322b7af5a2d4d708bc93f79d04ea0f5149d3d9d086ca37beab78c12e3d
Instruction Fuzzy Hash: F0D02201B2C41A03F600308CF9663B87282DF88718F18003BE00DC27C6CC8EBC8603C2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72DA18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c59f0df2b3fe081b4040d2716838492134124859c3237fbe25c71939fc24d2
Instruction ID: 7b60e45e40f8858fe822f75598f6be5d9fcf60d9b5a1a2cde26712c964639503
Opcode Fuzzy Hash: c0c59f0df2b3fe081b4040d2716838492134124859c3237fbe25c71939fc24d2
Instruction Fuzzy Hash: F8D01230B60D084F8B4CF73DC95997073D1EBAD21679941A9D00EC72B2E96ADC99C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72C378 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b2b38dfc2bc843823221b75a53e4fc6fdfd486cfb16b2e57ed2ecde7633eb0
Instruction ID: 4c7a37c848b9c8557cd89a0a270d64d856f0882151bb1b51cde10edc9dd181e9
Opcode Fuzzy Hash: 91b2b38dfc2bc843823221b75a53e4fc6fdfd486cfb16b2e57ed2ecde7633eb0
Instruction Fuzzy Hash: 0ED01230B60D084F8B8CF73CC85997073D1EB6D216B9940A9D00EC76B2E96ADC89C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7216DD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a18a53d09385f89d3d1f3fdcb3b66d1438c0c328316da516140ecbe29382c34
Instruction ID: 1938df853f093a4547b578c72905888847d7abf1e8b9dea4babf495d0e447267
Opcode Fuzzy Hash: 9a18a53d09385f89d3d1f3fdcb3b66d1438c0c328316da516140ecbe29382c34
Instruction Fuzzy Hash: AEC08C346548088FC948FB2CC898C0833B0FB0A300BCA00A0E40DC7171D319DCC2C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7209B0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaee8c0ced134f3cc6803c97090f08855874aee179289fbb596b7297ae21be5f
Instruction ID: 9782a553e057bd960f89114c6d85d3f2f6dcf9e74b7e161e1dd0df34c3636b0a
Opcode Fuzzy Hash: eaee8c0ced134f3cc6803c97090f08855874aee179289fbb596b7297ae21be5f
Instruction Fuzzy Hash: 1AC08C52E1A80A41B6903869812E17829819B8C100B140031A00EC15C3DC0C68434221

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E75C7B0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dd1d68da9cf857cb6db9c32897026181f81ee45322c7d1bb4b75c09b3094623
Instruction ID: a5cf8c626535293f598d2ad02fe772703e80381dd50b47dfe5ac8e142d88c206
Opcode Fuzzy Hash: 5dd1d68da9cf857cb6db9c32897026181f81ee45322c7d1bb4b75c09b3094623
Instruction Fuzzy Hash: F4C0923052180C8FCA44FB3DC88990077E0FB0E215BCA00C0E40CCB271E26ADC94CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E72162D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56b02c9b73447c87f2024661b230ab67313ef87a282cabf712aa9c3290f6e348
Instruction ID: e297df539cfc2e29bd50bb4bd1e05058762d628cb213559c84b13d0948c87d07
Opcode Fuzzy Hash: 56b02c9b73447c87f2024661b230ab67313ef87a282cabf712aa9c3290f6e348
Instruction Fuzzy Hash: 26B09210E5A50B86D6143ABACA92068B190BB88240FE804B6D48A80085E96E10D6A3A2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD5E7244B4 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3036896048.00007FFD5E720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD5E720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd5e720000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a11d2140023a2197b8d64beb7adc7b901ea565373878ebc9d1957fd992426305
Instruction ID: 3865720a49650bf54b7c9a5341a79beccb143720d108bfbf81a91e11783373cd
Opcode Fuzzy Hash: a11d2140023a2197b8d64beb7adc7b901ea565373878ebc9d1957fd992426305
Instruction Fuzzy Hash: 9CC09225E1925941E726AA30C9291FEB2927F8C304F0A8AB2945B964C6DF3C6B01D584

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFDC4279ED0 Relevance: 238.5, APIs: 70, Strings: 66, Instructions: 545memoryCOMMON

Download Yara Rule

APIs

OutputDebugStringA.KERNEL32 ref: 00007FFDC4279F68
GetProcessHeap.KERNEL32 ref: 00007FFDC4279F78
OutputDebugStringA.KERNEL32 ref: 00007FFDC4279F8D
GetLastError.KERNEL32 ref: 00007FFDC4279F93
OutputDebugStringA.KERNEL32 ref: 00007FFDC427A78D
HeapFree.KERNEL32 ref: 00007FFDC427A7DC
_snprintf.LIBCMT ref: 00007FFDC427A814
OutputDebugStringA.KERNEL32 ref: 00007FFDC427A81E

Strings

modern strong name check failure., xrefs: 00007FFDC427A3DD
modern strong name token failure., xrefs: 00007FFDC427A42E
eeeSdk1: %s HRESULT 0x%016X, xrefs: 00007FFDC427A7FF
ARM64, xrefs: 00007FFDC427A150
assembly path not trusted., xrefs: 00007FFDC427A200
ICLRRuntimeInfo loadable failure., xrefs: 00007FFDC427A35D
verify method unreachable., xrefs: 00007FFDC427A6EF
assembly path found via process., xrefs: 00007FFDC427A1D5
System.Data.SQLite.SEE.License, xrefs: 00007FFDC4279FDE, 00007FFDC427A16F
good callback from setup method., xrefs: 00007FFDC427A62B
could not execute verify method., xrefs: 00007FFDC427A701
bad assembly path env size., xrefs: 00007FFDC427A74C
assembly path env failure., xrefs: 00007FFDC427A730
v4.0.30319, xrefs: 00007FFDC427A312
missing CLR function., xrefs: 00007FFDC427A2A3
CoreCLR, xrefs: 00007FFDC427A224
process license ticket validated., xrefs: 00007FFDC427A4D8
LicenseAssemblyPath, xrefs: 00007FFDC427A033
strong name token size mismatch., xrefs: 00007FFDC427A48A
System.Data.SQLite.SQLiteExtra, xrefs: 00007FFDC427A692
bad callback from setup method., xrefs: 00007FFDC427A659
invalid ICLRRuntimeHost., xrefs: 00007FFDC4279F61
Verify, xrefs: 00007FFDC427A68B
no current application domain?, xrefs: 00007FFDC427A554
v2.0.50727, xrefs: 00007FFDC427A305
assembly path is trusted., xrefs: 00007FFDC427A217
strong name token data missing., xrefs: 00007FFDC427A710
MSCorEE, xrefs: 00007FFDC427A251
assembly path not found via process., xrefs: 00007FFDC427A1B7
detected .NET Core in process., xrefs: 00007FFDC427A236
verify method returned failure., xrefs: 00007FFDC427A6CE
could not get ICLRStrongName., xrefs: 00007FFDC427A3AC
x64, xrefs: 00007FFDC427A123
using non-default application domain., xrefs: 00007FFDC427A52C
strong name token data mismatch., xrefs: 00007FFDC427A4AB
<unknown>, xrefs: 00007FFDC427A7F8
module path not trusted., xrefs: 00007FFDC4279FC7
CLR creation not implemented., xrefs: 00007FFDC427A2EE
modern strong name check verified., xrefs: 00007FFDC427A440
LicenseOtherAppDomain, xrefs: 00007FFDC427A511
could not get module file name., xrefs: 00007FFDC427A724
ICLRRuntimeInfo not loadable., xrefs: 00007FFDC427A376
assembly path not found via module., xrefs: 00007FFDC427A1A2
could not create ICLRMetaHost., xrefs: 00007FFDC427A2D5
SdkCallback_%lX_%lX_%lX, xrefs: 00007FFDC427A58D
CLRCreateInstance, xrefs: 00007FFDC427A28E
assembly path env success., xrefs: 00007FFDC427A054
using default application domain., xrefs: 00007FFDC427A670
strong name size and data matched., xrefs: 00007FFDC427A4C2
modern strong name check unverified., xrefs: 00007FFDC427A3F6
assembly path env not found., xrefs: 00007FFDC427A08B
invalid process heap., xrefs: 00007FFDC4279F86
could not trim module file name., xrefs: 00007FFDC427A0F7
Win32, xrefs: 00007FFDC427A132
strong name check was not verified., xrefs: 00007FFDC427A454
could not unset setup method callback., xrefs: 00007FFDC427A5F9
verify method returned success., xrefs: 00007FFDC427A6BC
missing CLR module in process., xrefs: 00007FFDC427A263
could not get ICLRRuntimeInfo., xrefs: 00007FFDC427A335
.dll, xrefs: 00007FFDC427A17F
could not get setup method callback., xrefs: 00007FFDC427A5DA
could not free strong name buffer., xrefs: 00007FFDC427A786
ARM, xrefs: 00007FFDC427A141
assembly path found via module., xrefs: 00007FFDC427A1E1
x86, xrefs: 00007FFDC427A110
could not allocate path., xrefs: 00007FFDC427A00F

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: DebugOutputString$Heap$ErrorFreeLastProcess_snprintf
String ID: .dll$<unknown>$ARM$ARM64$CLR creation not implemented.$CLRCreateInstance$CoreCLR$ICLRRuntimeInfo loadable failure.$ICLRRuntimeInfo not loadable.$LicenseAssemblyPath$LicenseOtherAppDomain$MSCorEE$SdkCallback_%lX_%lX_%lX$System.Data.SQLite.SEE.License$System.Data.SQLite.SQLiteExtra$Verify$Win32$assembly path env failure.$assembly path env not found.$assembly path env success.$assembly path found via module.$assembly path found via process.$assembly path is trusted.$assembly path not found via module.$assembly path not found via process.$assembly path not trusted.$bad assembly path env size.$bad callback from setup method.$could not allocate path.$could not create ICLRMetaHost.$could not execute verify method.$could not free strong name buffer.$could not get ICLRRuntimeInfo.$could not get ICLRStrongName.$could not get module file name.$could not get setup method callback.$could not trim module file name.$could not unset setup method callback.$detected .NET Core in process.$eeeSdk1: %s HRESULT 0x%016X$good callback from setup method.$invalid ICLRRuntimeHost.$invalid process heap.$missing CLR function.$missing CLR module in process.$modern strong name check failure.$modern strong name check unverified.$modern strong name check verified.$modern strong name token failure.$module path not trusted.$no current application domain?$process license ticket validated.$strong name check was not verified.$strong name size and data matched.$strong name token data mismatch.$strong name token data missing.$strong name token size mismatch.$using default application domain.$using non-default application domain.$v2.0.50727$v4.0.30319$verify method returned failure.$verify method returned success.$verify method unreachable.$x64$x86
API String ID: 2190981363-1032399850
Opcode ID: c602cf345937581d12fa30f8a5731c384118f39555d308abbc197486fe88b306
Instruction ID: cedbd827b7312064aab2722b35f687380150d12f66b2362ed6d17d364c515d11
Opcode Fuzzy Hash: c602cf345937581d12fa30f8a5731c384118f39555d308abbc197486fe88b306
Instruction Fuzzy Hash: CA423B25B89A4381FA14BF51E9FA179A360FF86B9CF504131DD0E826A4DF3EE549C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC427A860 Relevance: 77.2, APIs: 21, Strings: 23, Instructions: 188libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FFDC427A8AF
OutputDebugStringA.KERNEL32 ref: 00007FFDC427A8C8
GetProcAddress.KERNEL32 ref: 00007FFDC427A8D8
OutputDebugStringA.KERNEL32 ref: 00007FFDC427A91B
OutputDebugStringA.KERNEL32 ref: 00007FFDC427A92D
OutputDebugStringA.KERNEL32 ref: 00007FFDC427A93F
GetModuleHandleW.KERNEL32 ref: 00007FFDC427A956
OutputDebugStringA.KERNEL32 ref: 00007FFDC427A968
GetLastError.KERNEL32 ref: 00007FFDC427A96E
OutputDebugStringA.KERNEL32 ref: 00007FFDC427AAE3
_snprintf.LIBCMT ref: 00007FFDC427AB64
OutputDebugStringA.KERNEL32 ref: 00007FFDC427AB6E

Strings

ICLRRuntimeInfo not loadable., xrefs: 00007FFDC427AA9A
missing CLR module in process., xrefs: 00007FFDC427A961
could not get ICLRRuntimeInfo., xrefs: 00007FFDC427AA5D
eeeSdk1: %s HRESULT 0x%016X, xrefs: 00007FFDC427AB4F
could not create ICLRMetaHost., xrefs: 00007FFDC427A9C5
CorBindToRuntimeEx success., xrefs: 00007FFDC427AA1B
CorBindToRuntimeEx failure., xrefs: 00007FFDC427AA27
ICLRRuntimeHost query success., xrefs: 00007FFDC427AADC
GetCLRRuntimeHost, xrefs: 00007FFDC427A8CE
missing CoreCLR function., xrefs: 00007FFDC427A938
CLRCreateInstance, xrefs: 00007FFDC427A98C
MSCorEE, xrefs: 00007FFDC427A94F
ICLRRuntimeInfo loadable failure., xrefs: 00007FFDC427AA85
ICLRRuntimeHost2 start failure., xrefs: 00007FFDC427A914
detected .NET Core in process., xrefs: 00007FFDC427A8C1
<unknown>, xrefs: 00007FFDC427AB48
v4.0.30319, xrefs: 00007FFDC427AA4D
could not get ICLRRuntimeHost2., xrefs: 00007FFDC427A926
CLR creation not implemented., xrefs: 00007FFDC427A9DE
missing CLR function., xrefs: 00007FFDC427A9A1
could not get ICLRRuntimeHost., xrefs: 00007FFDC427AACD
CoreCLR, xrefs: 00007FFDC427A895
ICLRRuntimeHost2 start success., xrefs: 00007FFDC427A908

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: DebugOutputString$HandleModule$AddressErrorLastProc_snprintf
String ID: <unknown>$CLR creation not implemented.$CLRCreateInstance$CorBindToRuntimeEx failure.$CorBindToRuntimeEx success.$CoreCLR$GetCLRRuntimeHost$ICLRRuntimeHost query success.$ICLRRuntimeHost2 start failure.$ICLRRuntimeHost2 start success.$ICLRRuntimeInfo loadable failure.$ICLRRuntimeInfo not loadable.$MSCorEE$could not create ICLRMetaHost.$could not get ICLRRuntimeHost.$could not get ICLRRuntimeHost2.$could not get ICLRRuntimeInfo.$detected .NET Core in process.$eeeSdk1: %s HRESULT 0x%016X$missing CLR function.$missing CLR module in process.$missing CoreCLR function.$v4.0.30319
API String ID: 891969396-3302285550
Opcode ID: 841f015d42424ae25e9bc220af3213b4b759d1633cabef93a667e31c0db02235
Instruction ID: d13c4c1a4fe31387b235ee2d2427e0b6a41e4eb066a51836c407878f8f6e3ac1
Opcode Fuzzy Hash: 841f015d42424ae25e9bc220af3213b4b759d1633cabef93a667e31c0db02235
Instruction Fuzzy Hash: C9A14921B89A0382EB00EF64E9F1179B360FFC6B58F904132D94E826A4DF3DE549C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425C0DC Relevance: 40.7, APIs: 22, Strings: 1, Instructions: 465COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FFDC425C132
_errno.LIBCMT ref: 00007FFDC425C139
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425C144

Strings

U, xrefs: 00007FFDC425C6C0

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: __doserrno_errno_invalid_parameter_noinfo
String ID: U
API String ID: 3902385426-4171548499
Opcode ID: a2f2d1665627d060fa2fe9f8aabccc132b2348703d9c7b133817182dd4b98fd6
Instruction ID: abcbe5242f7df56209386c48ee2729a1f3be49cd5551683df8992eb1e2b7569b
Opcode Fuzzy Hash: a2f2d1665627d060fa2fe9f8aabccc132b2348703d9c7b133817182dd4b98fd6
Instruction Fuzzy Hash: 5F120832B0864386EB209F66D4E5379B3A0FB86B5CF144136DA4D47698EF3EE445C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425F0F8 Relevance: 40.4, APIs: 16, Strings: 7, Instructions: 136libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 00007FFDC425F13D
GetProcAddress.KERNEL32 ref: 00007FFDC425F159
EncodePointer.KERNEL32 ref: 00007FFDC425F16B
GetProcAddress.KERNEL32 ref: 00007FFDC425F182
EncodePointer.KERNEL32 ref: 00007FFDC425F18B
GetProcAddress.KERNEL32 ref: 00007FFDC425F1A2
EncodePointer.KERNEL32 ref: 00007FFDC425F1AB
GetProcAddress.KERNEL32 ref: 00007FFDC425F1C2
EncodePointer.KERNEL32 ref: 00007FFDC425F1CB
GetProcAddress.KERNEL32 ref: 00007FFDC425F1EA
EncodePointer.KERNEL32 ref: 00007FFDC425F1F3
DecodePointer.KERNEL32 ref: 00007FFDC425F226
DecodePointer.KERNEL32 ref: 00007FFDC425F236
DecodePointer.KERNEL32 ref: 00007FFDC425F28C
DecodePointer.KERNEL32 ref: 00007FFDC425F2AD
DecodePointer.KERNEL32 ref: 00007FFDC425F2C7

Strings

MessageBoxW, xrefs: 00007FFDC425F14F
GetUserObjectInformationW, xrefs: 00007FFDC425F1B1
GetProcessWindowStation, xrefs: 00007FFDC425F1E0
USER32.DLL, xrefs: 00007FFDC425F136
GetLastActivePopup, xrefs: 00007FFDC425F191
atan2, xrefs: 00007FFDC425F0FD
GetActiveWindow, xrefs: 00007FFDC425F171

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL$atan2
API String ID: 2643518689-2636848520
Opcode ID: e9332d9b6abbf736db30a0fc75a7e9875df85eaae75fcce246ee4ecba034d18f
Instruction ID: 390d0fdf38c13f8603ccaec097715f621876d1cc495b28a6b28167e948f59d14
Opcode Fuzzy Hash: e9332d9b6abbf736db30a0fc75a7e9875df85eaae75fcce246ee4ecba034d18f
Instruction Fuzzy Hash: DA511C64B8BB1381F964FF91B8B623572A0BF8BB9CB550535DC0E837D4EE3DA4458680

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC426A9E0 Relevance: 37.0, APIs: 17, Strings: 4, Instructions: 233encryptionstringCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FFDC426AA12
GetEnvironmentVariableA.KERNEL32 ref: 00007FFDC426AA4B
lstrlenA.KERNEL32 ref: 00007FFDC426AA65
CryptAcquireContextW.ADVAPI32 ref: 00007FFDC426AB28
CryptCreateHash.ADVAPI32 ref: 00007FFDC426AB50
CryptHashData.ADVAPI32 ref: 00007FFDC426ABE2
CryptDeriveKey.ADVAPI32 ref: 00007FFDC426AC0C
CryptDecrypt.ADVAPI32 ref: 00007FFDC426AC3E
wsprintfA.USER32 ref: 00007FFDC426AC71
GetEnvironmentVariableA.KERNEL32 ref: 00007FFDC426ACAE
lstrlenA.KERNEL32 ref: 00007FFDC426ACBD
lstrcatA.KERNEL32 ref: 00007FFDC426ACD6
lstrcatA.KERNEL32 ref: 00007FFDC426ACE8
lstrcmpA.KERNEL32 ref: 00007FFDC426ACF9
CryptDestroyKey.ADVAPI32 ref: 00007FFDC426AD27
CryptDestroyHash.ADVAPI32 ref: 00007FFDC426AD3C
CryptReleaseContext.ADVAPI32 ref: 00007FFDC426AD5B

Strings

Harpy SDK v1.12 License Ticket for Process %lu, xrefs: 00007FFDC426AC60
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 00007FFDC426AAF9
HarpyTicketId, xrefs: 00007FFDC426AC7F
HarpyLicenseTicket, xrefs: 00007FFDC426AA3E

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: Crypt$Hash$ContextDestroyEnvironmentVariablelstrcatlstrlen$AcquireCreateCurrentDataDecryptDeriveProcessReleaselstrcmpwsprintf
String ID: Harpy SDK v1.12 License Ticket for Process %lu$HarpyLicenseTicket$HarpyTicketId$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 180405519-3523284812
Opcode ID: 42bf115115d124bb85c3c11ff9bf7bbfb470b899bb2cb1b53582c7c4aaddc20d
Instruction ID: 3972ac29dfc3e12cc2f0e885301a242e2eb88531bb9551841b7f991ff35a2237
Opcode Fuzzy Hash: 42bf115115d124bb85c3c11ff9bf7bbfb470b899bb2cb1b53582c7c4aaddc20d
Instruction Fuzzy Hash: E5A11922759A8286F710DF65E8A26EA77A4FBC6758F404035EE8D83A98DF7CD504C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425770C Relevance: 32.2, APIs: 17, Strings: 1, Instructions: 723COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FFDC4253814: _getptd.LIBCMT ref: 00007FFDC4253826

_errno.LIBCMT ref: 00007FFDC4257777
_errno.LIBCMT ref: 00007FFDC4257788
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC4257793
_fileno.LIBCMT ref: 00007FFDC42577CC
_errno.LIBCMT ref: 00007FFDC425783F
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425784A
write_multi_char.LIBCMT ref: 00007FFDC4257E23
write_multi_char.LIBCMT ref: 00007FFDC4257E5E
write_multi_char.LIBCMT ref: 00007FFDC4257F11
free.LIBCMT ref: 00007FFDC4257F29
write_char.LIBCMT ref: 00007FFDC425806A
write_char.LIBCMT ref: 00007FFDC4258095

Strings

, xrefs: 00007FFDC4257DF3

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_char$_fileno_getptdfree
String ID:
API String ID: 920461082-3916222277
Opcode ID: a03adf674f6a554898157573beacb612e4db7392f234085c7d12b5f7b8db9f27
Instruction ID: 7859ec6c094ea0c8786bcb50df9661cef49c1bae7baf25f432774194d8ca95f4
Opcode Fuzzy Hash: a03adf674f6a554898157573beacb612e4db7392f234085c7d12b5f7b8db9f27
Instruction Fuzzy Hash: 48528062F4C68286FB65CE1494A637EEAA1BFC375CF141036DA8D47694DE7EE8408780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42E4A60 Relevance: 24.1, Strings: 19, Instructions: 336COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FFDC42E4D54
gfff, xrefs: 00007FFDC42E4C80
gfff, xrefs: 00007FFDC42E4C4E
gfff, xrefs: 00007FFDC42E4CA4
gfff, xrefs: 00007FFDC42E4D8A
gfff, xrefs: 00007FFDC42E4BD4
gfff, xrefs: 00007FFDC42E4E0C
gfff, xrefs: 00007FFDC42E4B22
gfff, xrefs: 00007FFDC42E4BF8
gfff, xrefs: 00007FFDC42E4B40
gfff, xrefs: 00007FFDC42E4DA2
gfff, xrefs: 00007FFDC42E4B0A
gfff, xrefs: 00007FFDC42E4B96
gfff, xrefs: 00007FFDC42E4C2A
gfff, xrefs: 00007FFDC42E4D1A
gfff, xrefs: 00007FFDC42E4DB3
gfff, xrefs: 00007FFDC42E4E28
gfff, xrefs: 00007FFDC42E4AD8
gfff, xrefs: 00007FFDC42E4B72

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff
API String ID: 0-767664412
Opcode ID: eacd2c0cbf67136efa9bb6640d05cb67c3431eb8a7d18d46c8a84f00f8a0a348
Instruction ID: 77b78fe2c29e3c45cc3782a99fa410de9b079cc511d34e2bf4b9a4027eb05875
Opcode Fuzzy Hash: eacd2c0cbf67136efa9bb6640d05cb67c3431eb8a7d18d46c8a84f00f8a0a348
Instruction Fuzzy Hash: 1CB146D3B201984BE7998E3EB862BDD1B85D3A1348F485235F641CFFC6E92AE501C742

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC43140E0 Relevance: 19.9, Strings: 15, Instructions: 1153COMMON

Download Yara Rule

Strings

H, xrefs: 00007FFDC43148E4
new, xrefs: 00007FFDC4314240, 00007FFDC43148FB, 00007FFDC43149DB
no such column, xrefs: 00007FFDC43151C5
main, xrefs: 00007FFDC43141F0
%s: %s.%s.%s, xrefs: 00007FFDC43151F0
old, xrefs: 00007FFDC4314A44
misuse of aliased aggregate %s, xrefs: 00007FFDC4314F16
double-quoted string literal: "%w", xrefs: 00007FFDC43150C0
ambiguous column name, xrefs: 00007FFDC43151CE
%s: %s, xrefs: 00007FFDC4315219
row value misused, xrefs: 00007FFDC4314FA0
coalesce, xrefs: 00007FFDC431518B
excluded, xrefs: 00007FFDC4314ABB
misuse of aliased window function %s, xrefs: 00007FFDC4314F62
%s: %s.%s, xrefs: 00007FFDC4315206

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: %s: %s$%s: %s.%s$%s: %s.%s.%s$H$ambiguous column name$coalesce$double-quoted string literal: "%w"$excluded$main$misuse of aliased aggregate %s$misuse of aliased window function %s$new$no such column$old$row value misused
API String ID: 0-2836086748
Opcode ID: 137659eb0b26244fb97bbfe89d68335c99259dc30987c70d6df3dbd98c068c66
Instruction ID: 8920aa721806255dbdf6e5f1af5cabcd1e2a63a3bd85ae0bc28354bab4204718
Opcode Fuzzy Hash: 137659eb0b26244fb97bbfe89d68335c99259dc30987c70d6df3dbd98c068c66
Instruction Fuzzy Hash: FAB2BF32B4869285EB649F1691A07B96BA0FBE7B98F154136DE9E43784DF2CE400C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC426AE40 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

OutputDebugStringA.KERNEL32 ref: 00007FFDC426AEA3
HeapAlloc.KERNEL32 ref: 00007FFDC426AEB9
OutputDebugStringA.KERNEL32 ref: 00007FFDC426AECE
WinVerifyTrust.WINTRUST ref: 00007FFDC426AF96
HeapFree.KERNEL32 ref: 00007FFDC426AFAB

Strings

cannot trust, no module file name., xrefs: 00007FFDC426AF0A
cannot trust, cannot allocate., xrefs: 00007FFDC426AEC7
cannot trust, heap invalid., xrefs: 00007FFDC426AE9C

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: DebugHeapOutputString$AllocFreeTrustVerify
String ID: cannot trust, cannot allocate.$cannot trust, heap invalid.$cannot trust, no module file name.
API String ID: 133523416-3277164374
Opcode ID: 04b9235434f3f0874d80b5ffea090c67316d02489a178dc25982342f2468827e
Instruction ID: 749df5a539e62d571189b59850fe7e5292fac12617f1dfba5868baed71a2e267
Opcode Fuzzy Hash: 04b9235434f3f0874d80b5ffea090c67316d02489a178dc25982342f2468827e
Instruction Fuzzy Hash: 60416071B89B028AFB10EFA5D4A53AD72B1AB4A79CF004139DE0D46B94DF7D94498780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42E47B0 Relevance: 17.7, Strings: 14, Instructions: 201COMMON

Download Yara Rule

Strings

:, xrefs: 00007FFDC42E47FD
gfff, xrefs: 00007FFDC42E49DA
gfff, xrefs: 00007FFDC42E486A
gfff, xrefs: 00007FFDC42E49BE
gfff, xrefs: 00007FFDC42E493C
gfff, xrefs: 00007FFDC42E48D8
gfff, xrefs: 00007FFDC42E4954
gfff, xrefs: 00007FFDC42E47F4
gfff, xrefs: 00007FFDC42E4846
gfff, xrefs: 00007FFDC42E490A
:, xrefs: 00007FFDC42E47F9
gfff, xrefs: 00007FFDC42E4814
gfff, xrefs: 00007FFDC42E4965
., xrefs: 00007FFDC42E48B8

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: .$:$:$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff
API String ID: 0-3693326857
Opcode ID: 49923f015a753d8f2a9908b1f7f0f9becf3fb53ad462df3b72c69fcfdd044f45
Instruction ID: 99fd05444fe4331bbccb2fdbecf3072df925da325305f25001a9e9b39273162d
Opcode Fuzzy Hash: 49923f015a753d8f2a9908b1f7f0f9becf3fb53ad462df3b72c69fcfdd044f45
Instruction Fuzzy Hash: A1613BD3F211944BF749CA3EB822BED2B9593A1349F484235EA41DFBC6E929D502C781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425D390 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 159fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_set_error_mode.LIBCMT ref: 00007FFDC425D3D5
_set_error_mode.LIBCMT ref: 00007FFDC425D3E6
GetModuleFileNameW.KERNEL32 ref: 00007FFDC425D448

Part of subcall function 00007FFDC4255CA4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FFDC4255D46), ref: 00007FFDC4255CBC

GetStdHandle.KERNEL32 ref: 00007FFDC425D55D
WriteFile.KERNEL32 ref: 00007FFDC425D5BA

Strings

<program name unknown>, xrefs: 00007FFDC425D457
Microsoft Visual C++ Runtime Library, xrefs: 00007FFDC425D501
..., xrefs: 00007FFDC425D49A
Runtime Error!Program: , xrefs: 00007FFDC425D415
atan2, xrefs: 00007FFDC425D3A0

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: File_set_error_mode$CurrentHandleModuleNameProcessWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $atan2
API String ID: 2183313154-898273671
Opcode ID: 3854d2bf8c49c13fc2d6a522b161096948412d13de31986f58a32ecf6fd43a32
Instruction ID: 9783402d266c2118c8b036fb4d547bb6bb4c7b7993c6a3763efcfbc4e109a713
Opcode Fuzzy Hash: 3854d2bf8c49c13fc2d6a522b161096948412d13de31986f58a32ecf6fd43a32
Instruction Fuzzy Hash: 3C51F221B1868242FB24EF25A4B36BAA390BF867CCF404131EE5D43A95DF3EE501C680

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4300080 Relevance: 15.5, Strings: 12, Instructions: 483COMMON

Download Yara Rule

Strings

Tree %u page %u right child: , xrefs: 00007FFDC4300290
Multiple uses for byte %u of page %u, xrefs: 00007FFDC430074E
Rowid %lld out of order, xrefs: 00007FFDC43003D4
Extends off end of page, xrefs: 00007FFDC4300381
Offset %u out of range %u..%u, xrefs: 00007FFDC430071C
unable to get the page. error code=%d, xrefs: 00007FFDC43007BD
btreeInitPage() returns error code %d, xrefs: 00007FFDC43001B7
Child page depth differs, xrefs: 00007FFDC43004E4
Fragmentation of %u bytes reported as %u on page %u, xrefs: 00007FFDC4300795
Tree %u page %u cell %u: , xrefs: 00007FFDC4300203
free space corruption, xrefs: 00007FFDC43001E4
Tree %u page %u: , xrefs: 00007FFDC430012B

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: Child page depth differs$Extends off end of page$Fragmentation of %u bytes reported as %u on page %u$Multiple uses for byte %u of page %u$Offset %u out of range %u..%u$Rowid %lld out of order$Tree %u page %u cell %u: $Tree %u page %u right child: $Tree %u page %u: $btreeInitPage() returns error code %d$free space corruption$unable to get the page. error code=%d
API String ID: 0-835090162
Opcode ID: 4ac1da6f93a5b948238d814e032a41d4b9721ad57b11199415d1775f795e9706
Instruction ID: d64b0810a6bfb6c8a91a21037df7bbffd3917481c57b399ee798e2086c8d3cf4
Opcode Fuzzy Hash: 4ac1da6f93a5b948238d814e032a41d4b9721ad57b11199415d1775f795e9706
Instruction Fuzzy Hash: E222B1727186918BD7649F19E0A06AEBBB0F786B88F044135EB8983B45DF3DE455CF80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4255E68 Relevance: 15.3, APIs: 10, Instructions: 292timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.LIBCMT ref: 00007FFDC4255E93

Part of subcall function 00007FFDC425BAAC: _amsg_exit.LIBCMT ref: 00007FFDC425BAD6

_get_daylight.LIBCMT ref: 00007FFDC4255EA9

Part of subcall function 00007FFDC4256C04: _errno.LIBCMT ref: 00007FFDC4256C0D
Part of subcall function 00007FFDC4256C04: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDC4256C18

_get_daylight.LIBCMT ref: 00007FFDC4255EBE

Part of subcall function 00007FFDC4256BA4: _errno.LIBCMT ref: 00007FFDC4256BAD
Part of subcall function 00007FFDC4256BA4: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDC4256BB8

_get_daylight.LIBCMT ref: 00007FFDC4255ED3

Part of subcall function 00007FFDC4256BD4: _errno.LIBCMT ref: 00007FFDC4256BDD
Part of subcall function 00007FFDC4256BD4: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDC4256BE8

___lc_codepage_func.LIBCMT ref: 00007FFDC4255EE0

Part of subcall function 00007FFDC425BD14: _getptd.LIBCMT ref: 00007FFDC425BD18

Part of subcall function 00007FFDC425BC70: __wtomb_environ.LIBCMT ref: 00007FFDC425BCA0

free.LIBCMT ref: 00007FFDC4255F51

Part of subcall function 00007FFDC4251EB8: HeapFree.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251ECE
Part of subcall function 00007FFDC4251EB8: _errno.LIBCMT ref: 00007FFDC4251ED8
Part of subcall function 00007FFDC4251EB8: GetLastError.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251EE0

free.LIBCMT ref: 00007FFDC4255FBA
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC425688E,?,?,?,?,00007FFDC425237A), ref: 00007FFDC4255FCD
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC425688E,?,?,?,?,00007FFDC425237A), ref: 00007FFDC4256083
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC425688E,?,?,?,?,00007FFDC425237A), ref: 00007FFDC42560D6

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$_get_daylight_invalid_parameter_noinfo$ByteCharMultiWidefree$ErrorFreeHeapInformationLastTimeZone___lc_codepage_func__wtomb_environ_amsg_exit_getptd_lock
String ID:
API String ID: 2532449802-0
Opcode ID: ee8e4f615b8e791483b83a6fe0cc2ec64750f1544eeabae27570c84c998ee86f
Instruction ID: 9411179808efadd1d0315c0f53f3da9f5ab940486202110d4164495422fedde3
Opcode Fuzzy Hash: ee8e4f615b8e791483b83a6fe0cc2ec64750f1544eeabae27570c84c998ee86f
Instruction Fuzzy Hash: ECC19332B0828246EB209F25E4E2B7ABAA5BF8674CF404135DA4D57796DF3ED851C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42A56A0 Relevance: 14.2, Strings: 11, Instructions: 475COMMON

Download Yara Rule

Strings

/, xrefs: 00007FFDC42A57E9
access, xrefs: 00007FFDC42A5B3C
%s mode not allowed: %s, xrefs: 00007FFDC42A5C77
&, xrefs: 00007FFDC42A5782
mode, xrefs: 00007FFDC42A5B21
&, xrefs: 00007FFDC42A578E
invalid uri authority: %.*s, xrefs: 00007FFDC42A5866
cache, xrefs: 00007FFDC42A5AD7, 00007FFDC42A5B0B
no such %s mode: %s, xrefs: 00007FFDC42A5B8C
/, xrefs: 00007FFDC42A57FC
no such vfs: %s, xrefs: 00007FFDC42A5C23

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: %s mode not allowed: %s$&$&$/$/$access$cache$invalid uri authority: %.*s$mode$no such %s mode: %s$no such vfs: %s
API String ID: 0-1794610955
Opcode ID: 301e3f9c1a1f2b887dd5726b9cf6bf6caf3f6657deee41c36963f94febef5d5d
Instruction ID: 5a8dc81ea3d7db6a9a16b9911e2d01aacda6978f10efa26c3c663ab05c6cce2c
Opcode Fuzzy Hash: 301e3f9c1a1f2b887dd5726b9cf6bf6caf3f6657deee41c36963f94febef5d5d
Instruction Fuzzy Hash: A3124A61B0E68255FB618F1480E237AE7D1AF5377CF644235CE9E466C5DE2EE4C58380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42E4562 Relevance: 13.9, Strings: 11, Instructions: 187COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FFDC42E45F6
gfff, xrefs: 00007FFDC42E4718
gfff, xrefs: 00007FFDC42E4660
gfff, xrefs: 00007FFDC42E4641
gfff, xrefs: 00007FFDC42E46B9
-, xrefs: 00007FFDC42E46E7
-, xrefs: 00007FFDC42E45E2
gfff, xrefs: 00007FFDC42E46FF
-, xrefs: 00007FFDC42E476C
gfff, xrefs: 00007FFDC42E4693
gfff, xrefs: 00007FFDC42E4629

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: -$-$-$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff
API String ID: 0-3831715856
Opcode ID: 7edacd6cd6c720fe45ad16255eb22db46ef455887a36a6efa9c524a1fc6defd1
Instruction ID: 2465722a845e953dcde5e474387c1148bd51a841063ff1acb76e9a0d2857db87
Opcode Fuzzy Hash: 7edacd6cd6c720fe45ad16255eb22db46ef455887a36a6efa9c524a1fc6defd1
Instruction Fuzzy Hash: 48514EA372928447DB4D863EB826BDE5B8197E2344F441235F681CFBC6E92DE506CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4252300 Relevance: 13.7, APIs: 9, Instructions: 234COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC4252322
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425232E
_errno.LIBCMT ref: 00007FFDC4252358
__tzset.LIBCMT ref: 00007FFDC4252375
_get_daylight.LIBCMT ref: 00007FFDC425237E
_get_daylight.LIBCMT ref: 00007FFDC425238F
_get_daylight.LIBCMT ref: 00007FFDC42523A0
_isindst.LIBCMT ref: 00007FFDC42523E4
_isindst.LIBCMT ref: 00007FFDC4252434

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _get_daylight$_errno_isindst$__tzset_invalid_parameter_noinfo
String ID:
API String ID: 2215209938-0
Opcode ID: 41d8b18e65f7d3806c0d9553c7c51a0df805b7542322a87cf5f1966f675f1ed7
Instruction ID: 654e821ff1700cf51ee3e85bb78ad589640317677d72e70cd72e68165f251d08
Opcode Fuzzy Hash: 41d8b18e65f7d3806c0d9553c7c51a0df805b7542322a87cf5f1966f675f1ed7
Instruction Fuzzy Hash: 2281FBB2B0424647EB589F35C9B67B9A3A5EF5578CF048035DA0D8A7C5EF3DE5008B90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425AC0C Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 288COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FFDC4253814: _getptd.LIBCMT ref: 00007FFDC4253826

_errno.LIBCMT ref: 00007FFDC425AC5C
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425AC66
_errno.LIBCMT ref: 00007FFDC425AC88
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425AC94
_errno.LIBCMT ref: 00007FFDC425ACBC
_cftoe_l.LIBCMT ref: 00007FFDC425AD00

Strings

gfffffff, xrefs: 00007FFDC425AF8B

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo$_cftoe_l_getptd
String ID: gfffffff
API String ID: 1282097019-1523873471
Opcode ID: 6d431a76e37f81f3480d45fc5075dbf7c647c0e1155ceb15cc37172580d0ee92
Instruction ID: 285a1f6502640fc6135069d289e145e7d343b4b40348a709be228ca2b218f5da
Opcode Fuzzy Hash: 6d431a76e37f81f3480d45fc5075dbf7c647c0e1155ceb15cc37172580d0ee92
Instruction Fuzzy Hash: 25B15563B0938686EB118F2985A73BDBBA5EB1279CF048631CF5D077D5EA3EA411C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4251190 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFDC4254FB3
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFDC4254FD2
RtlVirtualUnwind.KERNEL32 ref: 00007FFDC425501E
IsDebuggerPresent.KERNEL32 ref: 00007FFDC4255090
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFDC42550A8
UnhandledExceptionFilter.KERNEL32 ref: 00007FFDC42550B5
GetCurrentProcess.KERNEL32 ref: 00007FFDC42550CE
TerminateProcess.KERNEL32 ref: 00007FFDC42550DC

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
String ID:
API String ID: 3778485334-0
Opcode ID: 9a46e43afd1125250e4046ec2d227df4f493c72298181d72cd59ff8f311abd0c
Instruction ID: b24f0ac81168f5def84b28136d5ce25e778638baf756b3f663b56825a1bfc30b
Opcode Fuzzy Hash: 9a46e43afd1125250e4046ec2d227df4f493c72298181d72cd59ff8f311abd0c
Instruction Fuzzy Hash: 13312935B89B8285EA51AF54F8A136AB3A0FB86758F500035DA8D437A5DF7DE044C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC431A0F0 Relevance: 11.2, Strings: 8, Instructions: 1207COMMON

Download Yara Rule

Strings

INTERSECT, xrefs: 00007FFDC431A6F8
RIGHT, xrefs: 00007FFDC431A8C9
MERGE (%s), xrefs: 00007FFDC431A711
UNION, xrefs: 00007FFDC431A6EF
UNION ALL, xrefs: 00007FFDC431A70A
LEFT, xrefs: 00007FFDC431A782
EXCEPT, xrefs: 00007FFDC431A701
ORDER, xrefs: 00007FFDC431A521, 00007FFDC431A53F

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: EXCEPT$INTERSECT$LEFT$MERGE (%s)$ORDER$RIGHT$UNION$UNION ALL
API String ID: 0-1489699665
Opcode ID: 8095d8478ce5c6c36f22e39dc013626264286fb13ff1b848e9fdd97e4dac2ca6
Instruction ID: d6195da1ff3bec0564df54793875f43ec5c35c016ceaa8c7c4deb4eebf7a575f
Opcode Fuzzy Hash: 8095d8478ce5c6c36f22e39dc013626264286fb13ff1b848e9fdd97e4dac2ca6
Instruction Fuzzy Hash: 2CD26072608A818ADB64EF15E090BADBBA1F7C6B88F518136DB8E43755DF3DE441CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42DD589 Relevance: 10.7, Strings: 8, Instructions: 669COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FFDC42DD725
0123456789ABCDEF0123456789abcdef, xrefs: 00007FFDC42DDC91
gfff, xrefs: 00007FFDC42DDCE3
NaN, xrefs: 00007FFDC42DD81B
Inf, xrefs: 00007FFDC42DDA46
null, xrefs: 00007FFDC42DD80A
VUUU, xrefs: 00007FFDC42DD78C
VUUU, xrefs: 00007FFDC42DD9B0

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: 0123456789ABCDEF0123456789abcdef$Inf$NaN$VUUU$VUUU$gfff$gfff$null
API String ID: 0-1094208598
Opcode ID: cd2a5b573e4f9121fabe1388ce5a8d8af58e32b1156f1bb2096daff8e7b3b976
Instruction ID: d38ff90347ecaf4207f17ce25a222a3973a139f6b20fd200e0b01e56e92ea0bf
Opcode Fuzzy Hash: cd2a5b573e4f9121fabe1388ce5a8d8af58e32b1156f1bb2096daff8e7b3b976
Instruction Fuzzy Hash: 96425A22F2EE8145E7228E3994A237AEB91AF9778CF054231DD4E57795DE3EE441C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC43022E0 Relevance: 9.0, Strings: 7, Instructions: 292COMMON

Download Yara Rule

Strings

winGetTempname2, xrefs: 00007FFDC430252C
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 00007FFDC430263D
winGetTempname5, xrefs: 00007FFDC43025D2
winGetTempname1, xrefs: 00007FFDC43023BF
winGetTempname3, xrefs: 00007FFDC4302487
winGetTempname4, xrefs: 00007FFDC4302595
etilqs_, xrefs: 00007FFDC43025E3

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$etilqs_$winGetTempname1$winGetTempname2$winGetTempname3$winGetTempname4$winGetTempname5
API String ID: 0-2699532598
Opcode ID: 9b656fa15527a4d894f8abb07d9d30b662b141df1a16be103915691d0045191f
Instruction ID: cd3a38f437365ea0c3e4a327949c0053b44c42506721ffe8a473751de3e88a9f
Opcode Fuzzy Hash: 9b656fa15527a4d894f8abb07d9d30b662b141df1a16be103915691d0045191f
Instruction Fuzzy Hash: 81B12521F4D38242EA18BF2564B52BEA391AF87B8CF444235DD5E437D2EE3CE9058384

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4305040 Relevance: 7.9, Strings: 6, Instructions: 380COMMON

Download Yara Rule

Strings

incremental_vacuum enabled with a max rootpage of zero, xrefs: 00007FFDC430529C
Page %u: never used, xrefs: 00007FFDC43053BE
d, xrefs: 00007FFDC430510D
max rootpage (%u) disagrees with header (%u), xrefs: 00007FFDC4305277
Freelist: , xrefs: 00007FFDC43051FE
Page %u: pointer map referenced, xrefs: 00007FFDC430542E

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: Freelist: $Page %u: never used$Page %u: pointer map referenced$d$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%u) disagrees with header (%u)
API String ID: 0-1208703870
Opcode ID: cf1d6db87c477467e610a0ca1a96b783ae12aab748da949430b1ae81142cb349
Instruction ID: c84d4a8eceab1c582aedcda3c31e95d72d33acc3530daa7897dbdb2f5e6dc3be
Opcode Fuzzy Hash: cf1d6db87c477467e610a0ca1a96b783ae12aab748da949430b1ae81142cb349
Instruction Fuzzy Hash: ECF1AE36B4964286EB64EF15E4A46BE73A1FBC676CF100235DA4E43A94CF7DE444CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425A690 Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFDC425A6C7
GetCurrentProcessId.KERNEL32 ref: 00007FFDC425A6D2
GetCurrentThreadId.KERNEL32 ref: 00007FFDC425A6DE
GetTickCount.KERNEL32 ref: 00007FFDC425A6EA
QueryPerformanceCounter.KERNEL32 ref: 00007FFDC425A6FB

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 5b6265fe9cee06ba0da7eda18128eb918af48bc25a35927c6bdd2db0f692a00e
Instruction ID: 8bb2394e8fe5a19ad8c944413a6fcf16e72b1e4620847e3696c7e18203be4728
Opcode Fuzzy Hash: 5b6265fe9cee06ba0da7eda18128eb918af48bc25a35927c6bdd2db0f692a00e
Instruction Fuzzy Hash: 7D01C8217DAA0181F780AF21E4E516A7360FB86B98F542530DE6E077A0CE3DDC848340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42511B0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 413COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFDC4251476

Strings

atan2, xrefs: 00007FFDC42512C1
!, xrefs: 00007FFDC42512C8

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _set_statfp
String ID: !$atan2
API String ID: 1156100317-1378383358
Opcode ID: e351e5c4459d0b3c17b79ab9e866b1d4c54ca6c7480f6615f39d0ac5188cec36
Instruction ID: 2d8827a838f750f3ce285cc2cacc37e11671115d80a7109c6389f3df8d08907d
Opcode Fuzzy Hash: e351e5c4459d0b3c17b79ab9e866b1d4c54ca6c7480f6615f39d0ac5188cec36
Instruction Fuzzy Hash: A1029222F29FC188D623DE3494A137AE258AF937DCF109336DD5F36A94DF6DA4428640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC43216B0 Relevance: 7.3, Strings: 5, Instructions: 1069COMMON

Download Yara Rule

Strings

ON clause references tables to its right, xrefs: 00007FFDC432190C
NOCASE, xrefs: 00007FFDC4321D79
BINARY, xrefs: 00007FFDC4321D83
false, xrefs: 00007FFDC43221B3
, xrefs: 00007FFDC432182E

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: $BINARY$NOCASE$ON clause references tables to its right$false
API String ID: 0-933351293
Opcode ID: 902126d46abcb64b279f4ace7e59cde8ac6b7bf0d77848ffd936099dd45dc5d2
Instruction ID: 249dc2c9fab1180b8177096dca5239878055070a95d88874ab553dc73999a079
Opcode Fuzzy Hash: 902126d46abcb64b279f4ace7e59cde8ac6b7bf0d77848ffd936099dd45dc5d2
Instruction Fuzzy Hash: 3DB2BF72B497458AEB65DF65C5A06AC37B1FB8AB8CB008136DE0D57B86DF38E411C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4323F50 Relevance: 6.5, Strings: 4, Instructions: 1502COMMON

Download Yara Rule

Strings

p, xrefs: 00007FFDC4324346
sqlite\_%, xrefs: 00007FFDC432406C
BBB, xrefs: 00007FFDC4324DA4, 00007FFDC4324DC6, 00007FFDC4325740, 00007FFDC432575E
sqlite_stat1, xrefs: 00007FFDC43241F2

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: BBB$p$sqlite\_%$sqlite_stat1
API String ID: 0-449430769
Opcode ID: 242f6c5092bdc9056ed54d455e9bd435ad4eacd80bd051e017ce85e3e6c4984e
Instruction ID: 09c88c66702431fb282ac9fab88f39ce77ff3742aca12b8d16ca979e454c0983
Opcode Fuzzy Hash: 242f6c5092bdc9056ed54d455e9bd435ad4eacd80bd051e017ce85e3e6c4984e
Instruction Fuzzy Hash: 66F2A072708A818AEB20EF15D090BAD7BA1F7C9B88F518135DB8D47B59DF39E505CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4260A68 Relevance: 5.8, Strings: 4, Instructions: 796COMMONLIBRARYCODE

Download Yara Rule

Strings

1#SNAN, xrefs: 00007FFDC4260B52
1#IND, xrefs: 00007FFDC4260B97
1#QNAN, xrefs: 00007FFDC4260C05
1#INF, xrefs: 00007FFDC4260BCE

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 0-2761157908
Opcode ID: e37cef2c9ccbc6ea5ceabd339024ee623293c00323680f1c2da1f85b62a2f5d9
Instruction ID: f1ae2f1f81eb1ecc2aa5f57ea365cd180c82b00f09d40816fa7f96a00840a13a
Opcode Fuzzy Hash: e37cef2c9ccbc6ea5ceabd339024ee623293c00323680f1c2da1f85b62a2f5d9
Instruction Fuzzy Hash: 37620476F186528AF714CFB48062BFDB7B1BB5535CF408035DE0957A88EE3AA915C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42DD1E0 Relevance: 5.5, Strings: 4, Instructions: 468COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00007FFDC42DD34C
0123456789ABCDEF0123456789abcdef, xrefs: 00007FFDC42DD408
-x0, xrefs: 00007FFDC42DD4D8
VUUU, xrefs: 00007FFDC42DD464

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: -x0$0123456789ABCDEF0123456789abcdef$VUUU$VUUU
API String ID: 0-2031831958
Opcode ID: f4fb171f4dde5d6e65336da43a58585c6a97977ddae4f20c17d8802529c898c1
Instruction ID: 2878c41324ac3c93edf37c62a403c73b2364c7df0a967a7d32108ab60066f40e
Opcode Fuzzy Hash: f4fb171f4dde5d6e65336da43a58585c6a97977ddae4f20c17d8802529c898c1
Instruction Fuzzy Hash: 06120422B1EAC182EB658F2491E677AE7A1FF4678CF444135DE4E03695DE3EE440C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC432C9C0 Relevance: 5.4, Strings: 4, Instructions: 408COMMON

Download Yara Rule

Strings

first_value, xrefs: 00007FFDC432CA23, 00007FFDC432CC8A, 00007FFDC432CF85, 00007FFDC432CFB5
lead, xrefs: 00007FFDC432CA2A, 00007FFDC432CB78, 00007FFDC432CC7D, 00007FFDC432CF78, 00007FFDC432CFC2
lag, xrefs: 00007FFDC432CA31, 00007FFDC432CC91, 00007FFDC432CF8C, 00007FFDC432CFAE
nth_value, xrefs: 00007FFDC432CA1C, 00007FFDC432CC61

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: first_value$lag$lead$nth_value
API String ID: 0-1849363824
Opcode ID: 8237b54f2095bab97d0f4684f1d18a866cde9ec96826d58a0ddee154eb77778f
Instruction ID: b62fdf45e13b00e41878c14374f1dab20c98554f39643cb8311921967c9aa545
Opcode Fuzzy Hash: 8237b54f2095bab97d0f4684f1d18a866cde9ec96826d58a0ddee154eb77778f
Instruction Fuzzy Hash: CA12BF72608A818ADB21EF15D590BAD7BA0F7C9F88F544136DB8E83759CF39E511CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4305740 Relevance: 5.2, Strings: 3, Instructions: 1481COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 00007FFDC43058C0, 00007FFDC4306018, 00007FFDC430617F
ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc, xrefs: 00007FFDC430588D, 00007FFDC4305A19, 00007FFDC4305AD2, 00007FFDC4305B06, 00007FFDC430600A, 00007FFDC4306171
database corruption, xrefs: 00007FFDC43058B9, 00007FFDC4306011, 00007FFDC4306178

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc$database corruption
API String ID: 0-451000892
Opcode ID: b4c10b0fc605b0176b2cfe2fff9d1c092cd652b876e407affbc2d12eb7fe2ef8
Instruction ID: fd0b8b732fa83ec45ec97b78fa0fc47af4d299291f537384700a91b50266e367
Opcode Fuzzy Hash: b4c10b0fc605b0176b2cfe2fff9d1c092cd652b876e407affbc2d12eb7fe2ef8
Instruction Fuzzy Hash: 8BE2AE72B186918AEB50DF25D0A06AD7BA1FB85B9CF104235EF4E57B58DF38E441CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42568D4 Relevance: 4.7, APIs: 3, Instructions: 207COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42568F5
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC4256901
_errno.LIBCMT ref: 00007FFDC425692E

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: f586e86c11cd874c32a9d3f1c195a95c80282baa3b536a57f04f191a561c6554
Instruction ID: d9255c4b870d35d10c461eca3d8a9db7d1272284c46fa5bd18f6afb184ced053
Opcode Fuzzy Hash: f586e86c11cd874c32a9d3f1c195a95c80282baa3b536a57f04f191a561c6554
Instruction Fuzzy Hash: CF613BA2F156464BDB1C8F18D862778A256A7D578CF08C136EA0D8F7D9FA3DF6014780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4328C40 Relevance: 4.6, Strings: 3, Instructions: 863COMMON

Download Yara Rule

Strings

BINARY, xrefs: 00007FFDC432903F, 00007FFDC43291B6, 00007FFDC43291BF, 00007FFDC432921E, 00007FFDC4329368
automatic index on %s(%s), xrefs: 00007FFDC4328E9B
auto-index, xrefs: 00007FFDC4329020

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: BINARY$auto-index$automatic index on %s(%s)
API String ID: 0-3338052489
Opcode ID: 4971abcf5c1fc747d48e97d43a72fc54b933a5fca6aa6b7f01b1dad247fe1d61
Instruction ID: b064d34deeb03009f52ae49f5155991b37ec0febf7c4002d07e0317bd32fed1a
Opcode Fuzzy Hash: 4971abcf5c1fc747d48e97d43a72fc54b933a5fca6aa6b7f01b1dad247fe1d61
Instruction Fuzzy Hash: FD92AE72B08B8586EB65DF15E090BAD7BA0FBC5B98F118226DB8E43795DF38D441CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42F53B0 Relevance: 4.3, Strings: 3, Instructions: 576COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 00007FFDC42F540B, 00007FFDC42F59E3, 00007FFDC42F5A27, 00007FFDC42F5A78
ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc, xrefs: 00007FFDC42F53F8, 00007FFDC42F59D0, 00007FFDC42F5A14, 00007FFDC42F5A65
database corruption, xrefs: 00007FFDC42F5404, 00007FFDC42F59DC, 00007FFDC42F5A20, 00007FFDC42F5A71

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc$database corruption
API String ID: 0-451000892
Opcode ID: 722339ec533f315b1afba71ecbf1bb329915c88aff72429cbd5831b6268daa06
Instruction ID: 30926e73eedd3324556aa5c3b27b8f0b4047ad805005d00deb1bd008af00c5ab
Opcode Fuzzy Hash: 722339ec533f315b1afba71ecbf1bb329915c88aff72429cbd5831b6268daa06
Instruction Fuzzy Hash: AF329232B08652C6EB54CF25D0E566EB3A1FF86B98F914035EA4E47752DF3AE481C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42EC250 Relevance: 4.2, Strings: 3, Instructions: 497COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 00007FFDC42EC453, 00007FFDC42EC98F
ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc, xrefs: 00007FFDC42EC445, 00007FFDC42EC981
database corruption, xrefs: 00007FFDC42EC44C, 00007FFDC42EC988

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc$database corruption
API String ID: 0-451000892
Opcode ID: 6dca3365857a98ad24d7c1d98f5de62d599b8a9f9c7e67a6dde05f027ebf2de5
Instruction ID: 337ceb435ae9889179a358b000369d312e872e802f5c6040a088df1590d86e7f
Opcode Fuzzy Hash: 6dca3365857a98ad24d7c1d98f5de62d599b8a9f9c7e67a6dde05f027ebf2de5
Instruction Fuzzy Hash: 08123872F0C69286E7218F6690E23BBA751BF9338EF104531DA9E476C5DE2EE445C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4260204 Relevance: 3.6, APIs: 2, Instructions: 613COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC4260267
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC4260272

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: 0bf60b056750162301d3d73b5276a685ed243da8dd4aa7d8e22dc863b22b4bdb
Instruction ID: 1f31d73c8f1981b82b858736e403097dd7414479374f71f63306e56415f33831
Opcode Fuzzy Hash: 0bf60b056750162301d3d73b5276a685ed243da8dd4aa7d8e22dc863b22b4bdb
Instruction Fuzzy Hash: 0D32EAA2F081468AF764CEA580E27FCE3B2BB1276CF540036CE4D576C5DA3EA945D780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42562E8 Relevance: 3.2, APIs: 2, Instructions: 235COMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FFDC425655A

Part of subcall function 00007FFDC4256BD4: _errno.LIBCMT ref: 00007FFDC4256BDD
Part of subcall function 00007FFDC4256BD4: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDC4256BE8

_get_daylight.LIBCMT ref: 00007FFDC42565E0

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _get_daylight$_errno_invalid_parameter_noinfo
String ID:
API String ID: 3559991230-0
Opcode ID: b873092dd0be76844bf492a7824e69c7b65502ffb7c78b8cbc95c3bd55ead880
Instruction ID: 9c5c090ae120fcba79e554f7c3881270b74607008d071f7e5b7a4a0124e5c4fd
Opcode Fuzzy Hash: b873092dd0be76844bf492a7824e69c7b65502ffb7c78b8cbc95c3bd55ead880
Instruction Fuzzy Hash: D5910872F182424BE71C8F18D9A2A79A696E7E634CF549135D90D8BBD4DE3DF9008B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D0400 Relevance: 3.2, Strings: 2, Instructions: 723COMMON

Download Yara Rule

Strings

RIGHT PART OF , xrefs: 00007FFDC42D0477
USE TEMP B-TREE FOR %sORDER BY, xrefs: 00007FFDC42D046B

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: RIGHT PART OF $USE TEMP B-TREE FOR %sORDER BY
API String ID: 0-1759156464
Opcode ID: e047eab677c6d2e334b683954daa2a8a39cbd2076e4dbceb7e3eb3e6186ad1b8
Instruction ID: a1f7b3997cfd91ec66e9149aebbc10ce7fc377c1dde32fd1cbad5a85f8469db6
Opcode Fuzzy Hash: e047eab677c6d2e334b683954daa2a8a39cbd2076e4dbceb7e3eb3e6186ad1b8
Instruction Fuzzy Hash: 5972B372A056818AEB60DF15D091BADBBB0F785F8CF148235DB4E47769DB3AD411CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42F62C0 Relevance: 2.8, Strings: 2, Instructions: 328COMMON

Download Yara Rule

Strings

recovered %d frames from WAL file %s, xrefs: 00007FFDC42F674F
, xrefs: 00007FFDC42F6354

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: $recovered %d frames from WAL file %s
API String ID: 0-3175670447
Opcode ID: 381529ea9b43a46c899027a014c97f0913d09845748b40d8c39e8c34b3439992
Instruction ID: 995c05000a5c44051556ac2438e0e0ba15fd2af7fc929bba3cf6ee9c089920f3
Opcode Fuzzy Hash: 381529ea9b43a46c899027a014c97f0913d09845748b40d8c39e8c34b3439992
Instruction Fuzzy Hash: 45E19132B08796C6E760DF25D09176EB7A0FB85B88F514035EA4D83B58DF39E846CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42DE3DB Relevance: 2.6, Strings: 2, Instructions: 92COMMON

Download Yara Rule

Strings

(subquery-%u), xrefs: 00007FFDC42DE4D3
(join-%u), xrefs: 00007FFDC42DE4BF

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: (join-%u)$(subquery-%u)
API String ID: 0-2916047017
Opcode ID: 1f2d6276931a3095746ef65d58465ab324b413396f510f23d9c65a7f04a2791c
Instruction ID: b827993e361e793126b40261b3866d40a28807427b1279c6fffcd1cccfdb9092
Opcode Fuzzy Hash: 1f2d6276931a3095746ef65d58465ab324b413396f510f23d9c65a7f04a2791c
Instruction Fuzzy Hash: 7541E42271DA9585EB219F25A0A23FAE7A0FF8A78CF044531DF9807645CE3DE140C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4262600 Relevance: 2.4, Strings: 1, Instructions: 1121COMMON

Download Yara Rule

Strings

20e, xrefs: 00007FFDC426386B

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: 20e
API String ID: 0-976243656
Opcode ID: ca2b64c6eb40fa2a2f4caa3dc0bd5aac12d65543e8ad27e1406a7b5e0032f0ae
Instruction ID: dec241bc212705c27958715f9d472fd30a410177cd6be88fe35b5378fe6d247c
Opcode Fuzzy Hash: ca2b64c6eb40fa2a2f4caa3dc0bd5aac12d65543e8ad27e1406a7b5e0032f0ae
Instruction Fuzzy Hash: 22924DB7318B8085EA60CF95B86469BB3A9F7897C4F55A125EE8D97B18DF3CC091C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42E70D0 Relevance: 2.1, Strings: 1, Instructions: 829COMMON

Download Yara Rule

Strings

p, xrefs: 00007FFDC42E744B

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 7a0406795cf55a5803d4ee8cea87ad867a9f61f9dd4559ea62cc47508579dd08
Instruction ID: 320205b45a9bd96cb21439b8d1822003ee6660a85e789b3088faa8808014a15e
Opcode Fuzzy Hash: 7a0406795cf55a5803d4ee8cea87ad867a9f61f9dd4559ea62cc47508579dd08
Instruction Fuzzy Hash: F592AF72B18A8186EB60DF15C091BBEBBA0FBD5F89F458135DA8E47795CB3AD401C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC431B7F0 Relevance: 2.0, Strings: 1, Instructions: 774COMMON

Download Yara Rule

Strings

FOREIGN KEY constraint failed, xrefs: 00007FFDC431C0F4

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: FOREIGN KEY constraint failed
API String ID: 0-1894908324
Opcode ID: 201d9aad9e111dc076807da22a58185cef572db59c34f2393cbb46a832e29c6e
Instruction ID: b352997dc2aa8d1271891232a30355f68e5195ae722d73131ecac606979fd57f
Opcode Fuzzy Hash: 201d9aad9e111dc076807da22a58185cef572db59c34f2393cbb46a832e29c6e
Instruction Fuzzy Hash: 7272A132709B8186DB649F25E5A036A77E4FB8ABA8F144235DB9D47B95DF3CD060C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC431F360 Relevance: 1.8, Strings: 1, Instructions: 600COMMON

Download Yara Rule

Strings

nth_value, xrefs: 00007FFDC431F3DC, 00007FFDC431F406, 00007FFDC431F512, 00007FFDC431FD3A

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: nth_value
API String ID: 0-3295069819
Opcode ID: 570ff040a030ec0145f3944f1c5b12599a6908caafe8ca954b2e75787a94a10b
Instruction ID: 660eb35ee7917cd63c15b59f951817325fcaef3ace65891bbd7cb7bef6c8a577
Opcode Fuzzy Hash: 570ff040a030ec0145f3944f1c5b12599a6908caafe8ca954b2e75787a94a10b
Instruction Fuzzy Hash: 0D62A272618A818AEB50EF25C490BAC3BA4F7C6F88F558236DE8E47759DF39D405CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4320F20 Relevance: 1.7, Strings: 1, Instructions: 492COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FFDC4321019

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: gfff
API String ID: 0-1553575800
Opcode ID: 96562b4cadcf60104174b5c408002f5a93d2cf7b204eb99700fc21ac15cd6c8a
Instruction ID: 0d7d4948476337c38ae67c9f3e5245dede78a775a6170dbea412fb492abfe3e9
Opcode Fuzzy Hash: 96562b4cadcf60104174b5c408002f5a93d2cf7b204eb99700fc21ac15cd6c8a
Instruction Fuzzy Hash: F432A072B19A918BDB60DF15E290BAD7BA1F7C5B88F108136DB8E43B45DB39E051CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC43237E0 Relevance: 1.7, Strings: 1, Instructions: 475COMMON

Download Yara Rule

Strings

p, xrefs: 00007FFDC432399E

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 6734c97c7cf707b8c06bdf7dc93670008cc4cdd2e79740fda2b4df464c6fc364
Instruction ID: 53b81b37e0c511f0042fa167e98420e89dd04267c1bb1c110633d10ef52ac0ef
Opcode Fuzzy Hash: 6734c97c7cf707b8c06bdf7dc93670008cc4cdd2e79740fda2b4df464c6fc364
Instruction Fuzzy Hash: 5522D272708A818AEB65EF25D090BA97BA0FBC6F88F448135DE8D4B796DF39D405C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4342130 Relevance: 1.6, Strings: 1, Instructions: 370COMMON

Download Yara Rule

Strings

SELECT idx,neq,nlt,ndlt,sample FROM %Q.sqlite_stat4, xrefs: 00007FFDC4342339

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: SELECT idx,neq,nlt,ndlt,sample FROM %Q.sqlite_stat4
API String ID: 0-1240430669
Opcode ID: 2d4f31b22b1ffc8d8fc5e681f392b3ec8dc54ebe553107f1ebeae9265efe2a25
Instruction ID: 8aca36bf3322962b319d805afaa2414f6d76af9f205ba942428cb68eb2fa0c42
Opcode Fuzzy Hash: 2d4f31b22b1ffc8d8fc5e681f392b3ec8dc54ebe553107f1ebeae9265efe2a25
Instruction Fuzzy Hash: B9E1E562B48A8241EB60EF1194F03FA6B90EFC2BC8F585431DE4E97796DE3CD4458784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4276A50 Relevance: 1.6, Strings: 1, Instructions: 358COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FFDC4276D08

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 72bf0c7149e10251d9a078f157d93a41ed82dcebba77306d376395847573c469
Instruction ID: fcaa192a8bd73316629a82f293599080eb56dc809a93716a8d6ed94e8a458f14
Opcode Fuzzy Hash: 72bf0c7149e10251d9a078f157d93a41ed82dcebba77306d376395847573c469
Instruction Fuzzy Hash: E0C15620F1941745EE254E29C0F6F78F641EF9376CF48D232D84E616C4EE2FA9828AC4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4255458 Relevance: 1.6, Strings: 1, Instructions: 320COMMONLIBRARYCODE

Download Yara Rule

Strings

gfff, xrefs: 00007FFDC42554CE

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: gfff
API String ID: 0-1553575800
Opcode ID: b02d9a0d99110c9a748914f86ac0db9a2a7d5722b08d83646cf4b2a8e34aa4ce
Instruction ID: 997d6684b4412978d31e858a2bce68d9366595b7a075cb61dd19df4b4b146f91
Opcode Fuzzy Hash: b02d9a0d99110c9a748914f86ac0db9a2a7d5722b08d83646cf4b2a8e34aa4ce
Instruction Fuzzy Hash: 34C107A3B15F4547CE05CF15A865369A3AABB95BD4F00D732EE4E67B58EF3CE0458200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC431C3F0 Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

ORDER BY without LIMIT on %s, xrefs: 00007FFDC431C441

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: ORDER BY without LIMIT on %s
API String ID: 0-1940428004
Opcode ID: f3d6aaa0ae6f692d497bb8d3b17e8696e82a9fd48c45270fec174f365cf9858d
Instruction ID: f655f109838214a939cfbe1fd513ce0751bde51999cdfd9582ef62231dbd7fb3
Opcode Fuzzy Hash: f3d6aaa0ae6f692d497bb8d3b17e8696e82a9fd48c45270fec174f365cf9858d
Instruction Fuzzy Hash: 0BB1DF32B09B8185EA60DF16E5A176AB3A1FB8ABD8F144231DE4D07B99DF3CD051C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4285670 Relevance: 1.5, APIs: 1, Instructions: 18encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32 ref: 00007FFDC428568D

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: 148654b00a3e466ab33ac1690deb12a5a454b3b03858537a61ab1f87b20b6dab
Instruction ID: 6904106b0844e65c21fdd4e4f3464a597ce58ada9dfdb66bfa18f65bc555a732
Opcode Fuzzy Hash: 148654b00a3e466ab33ac1690deb12a5a454b3b03858537a61ab1f87b20b6dab
Instruction Fuzzy Hash: FEE0C216F4620285FF9D9F72E4F233C63904F99BADF1C4230C90D05281CE7E64C48680

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4285790 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

0123456789abcdef, xrefs: 00007FFDC428593B

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID: 0123456789abcdef
API String ID: 0-1757737011
Opcode ID: 665b028cc32bda707b8593a19a285dc98d905064a441ed12925e1b20074919c2
Instruction ID: 4df00f85bf0d2404b31aa01b87759ee300770b4bcdf58fe9170f5348eb2530e0
Opcode Fuzzy Hash: 665b028cc32bda707b8593a19a285dc98d905064a441ed12925e1b20074919c2
Instruction Fuzzy Hash: F0613663B282D489E715CF2994611FCBF60E75AB4CF48033AEB8A87743C92DD655CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42697B0 Relevance: .9, Instructions: 857COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a41ead7efd5c823871f8e9e1114b83ab641275196115ac4f696fa0c2416ccd
Instruction ID: 1dbb9ead06512e6ebdece98218e38f9a43f4f20aedeeca6caf0cb55cbd14ba45
Opcode Fuzzy Hash: 85a41ead7efd5c823871f8e9e1114b83ab641275196115ac4f696fa0c2416ccd
Instruction Fuzzy Hash: 2282E9327302F88BE751CE1FAC98D6A37A5F399746B825105EF849B785C53DB801DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4316980 Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 871ba9328effef4df7d33640ee3505bc913726914bb52e346b7e2a96ac2ae5f9
Instruction ID: 0ce6846fb3b2f4155778716acc643f6b2c320c85eba3cc604db4dad94f77f1e7
Opcode Fuzzy Hash: 871ba9328effef4df7d33640ee3505bc913726914bb52e346b7e2a96ac2ae5f9
Instruction Fuzzy Hash: C952B162B4878182EA609F55D0A47BEA7A1FBC7B88F185035DE8D43B94DF3DE451C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4268AB0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f741b84ce6b060650222f3a128725f2e2c217b5f16a63e9076848a9c1a42a82
Instruction ID: e34935d16a8dcb21c517e46d0c4b0944e10f7755b68d9ca0053d1fa3d7eeca28
Opcode Fuzzy Hash: 1f741b84ce6b060650222f3a128725f2e2c217b5f16a63e9076848a9c1a42a82
Instruction Fuzzy Hash: 605209327302F88BE715CE1FAC98D6A37A5F399746B825105EF84DB785C53DA801DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42B0440 Relevance: .5, Instructions: 533COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2380269309540904677741fdb5e226bae2c5c3dfa3e52ae64e39013f1df737b7
Instruction ID: 2ca0b0ac4e313b629ff44b3516311117055f68347d20039cf4333cf4e5e7f5f6
Opcode Fuzzy Hash: 2380269309540904677741fdb5e226bae2c5c3dfa3e52ae64e39013f1df737b7
Instruction Fuzzy Hash: A4323A72B09A428AEB61CF15E0A136AF7B5FB86B98F044135DA8E43794DF3DE441C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42A4680 Relevance: .5, Instructions: 469COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b6cfacf69ef145b86557d76706745eb17156df53f1369ab150f1646a2495213
Instruction ID: d14c41ec0e9fb17635d8b28cf0d73e58f8552c1024cb2bddafc8416e34259ed4
Opcode Fuzzy Hash: 5b6cfacf69ef145b86557d76706745eb17156df53f1369ab150f1646a2495213
Instruction Fuzzy Hash: 9FF17C62F1E2D255F7658F15A4B27B9EA91AB43788F340136DE9E83BC1CE2ED1009780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC431FD80 Relevance: .5, Instructions: 467COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6a72b86b0009f86dc8fc5e4339a2f6fd3a3330d723f0774ab50972e725b0c1a
Instruction ID: c393c56bcef2119132266e65474e782519345aa737e6d217d8b27ec79996491d
Opcode Fuzzy Hash: f6a72b86b0009f86dc8fc5e4339a2f6fd3a3330d723f0774ab50972e725b0c1a
Instruction Fuzzy Hash: 46226A32B0AB418AEB65EF25D4A06AD77B5FB8AB88F004039EE4D47745DF39E415C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4328540 Relevance: .4, Instructions: 449COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad9da8ce092bf3cc582ef0868892a02c8700e2260a690bf0a4b1c6ffbfdd872
Instruction ID: b4db7b0f1db78d8b0c3f990d0245e3ffcd5ee3cca4ad399b4e4f7ba53fa76a18
Opcode Fuzzy Hash: 3ad9da8ce092bf3cc582ef0868892a02c8700e2260a690bf0a4b1c6ffbfdd872
Instruction Fuzzy Hash: 5522E1727086918AD768DF29C190BAD7BA0FBC5F88F508225DF8E4374ADB39E455CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42A4D30 Relevance: .4, Instructions: 398COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42fc146292f5e3bb321362de7e9134b70882ab439aef3c604940af074ee087f0
Instruction ID: f8262021284d99566c9d828e2b75b3d8edc97188cdc5f74ef7ee4d1be8164480
Opcode Fuzzy Hash: 42fc146292f5e3bb321362de7e9134b70882ab439aef3c604940af074ee087f0
Instruction Fuzzy Hash: D0E12C72B1A7A19AE7108F6595A12BDABA1BB067DCF344035DE4D53B88DE3EE441C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42AA740 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e02c55506310ff8dade86b56671713f89ca68d15c90bf5c007f5f63b23611ffb
Instruction ID: 603aec0b7efb777bc0dbde4756fde22b4b1c8eb58eba40ea47d6c17a4ee2bfa5
Opcode Fuzzy Hash: e02c55506310ff8dade86b56671713f89ca68d15c90bf5c007f5f63b23611ffb
Instruction Fuzzy Hash: 48E1CD72B0A282ABD760CF25C29136DB7A1FB1A788F144435DF4D83B45DB3AE5A5C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42CA690 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afe0c2d292157dab0eeaff4013a42d434803f4f041930a908a8ac1cd5d127a6
Instruction ID: f1f02d46e3dfd642a3fafe66d01911cfa32965e8b4d0c35c6b748ef04bb69983
Opcode Fuzzy Hash: 6afe0c2d292157dab0eeaff4013a42d434803f4f041930a908a8ac1cd5d127a6
Instruction Fuzzy Hash: 9DD15E53F1D6814AFF218B3485A33FDBB61EB67384F088636CA9A467C2D91EE149D350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4277680 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fa163be0e6ef49ea8324b6da3cc473cebeca7a79ff89c8928c5f47fc81c9b9a
Instruction ID: 1bc90811c2737b751f8a2e2d6d6fc44830b79091a03da150bca9da9704dff1bf
Opcode Fuzzy Hash: 8fa163be0e6ef49ea8324b6da3cc473cebeca7a79ff89c8928c5f47fc81c9b9a
Instruction Fuzzy Hash: 21C18903F3D2968AF7254B38D0A23BDA751D7A3358F148135D2C946AC6DA2EF252DF81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42A3EF0 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0c1c6671f47147f24ad2234db309ef01da525adcfcf5c2fe8ee5ac906ea672f
Instruction ID: 27a23a5ccbabe6cddb2cdfabefcc355abee50661f8f86bcd75419ac13407c1c6
Opcode Fuzzy Hash: d0c1c6671f47147f24ad2234db309ef01da525adcfcf5c2fe8ee5ac906ea672f
Instruction Fuzzy Hash: 39E18C76B0AB419AEB20CF25D4A12BDB7A5FB5678CB244132DE4D43B58CF3AD415C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42A17E0 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a88a824390bf08515cd7cee627b6a24fe68bae7a0781fee86b796ee794514d52
Instruction ID: c36e9e3c25aabd514cf5dbd04266c894e7fdbce51c94229c4362c403f323ee41
Opcode Fuzzy Hash: a88a824390bf08515cd7cee627b6a24fe68bae7a0781fee86b796ee794514d52
Instruction Fuzzy Hash: B8D17652B0E2E01AE7618F3154A03FDBFA1EB4278DF180175DFC91B68ACA2CD145DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42FBD50 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a51e4b200d69fd02a61a362dc0d0175a0e8d35b1c273677f0bfd2df30e647bc
Instruction ID: df73f104b18d073599430efcf0d7c85c1f6b1c64b5f3795a7a852af0ebdc73a2
Opcode Fuzzy Hash: 4a51e4b200d69fd02a61a362dc0d0175a0e8d35b1c273677f0bfd2df30e647bc
Instruction Fuzzy Hash: 18C10162B0C691CAE7618F2594A277AAF91FF46BCCF544035EA4E87786DE3EE4018740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42E16D0 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d03a3307fd628a93744f9dbd3a4adc10b6f84e52d1d3485306e82f1b0e3fa55e
Instruction ID: 6d12803fdab191d581c4f41f4f84815b822fba605b1f81cad5834f283b1b234a
Opcode Fuzzy Hash: d03a3307fd628a93744f9dbd3a4adc10b6f84e52d1d3485306e82f1b0e3fa55e
Instruction Fuzzy Hash: E4B1D422B1D68685FB659F15A0A237BB791EB82B8DF144134CA8D47795DF3EE842C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42B4BE0 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 605d60309dea6e604a62bd9561c684a83e8ce224da069fe439ee4db99c6d6e4b
Instruction ID: 31507d8f94275d48058e5393b66adcb56266cb93221efaaf4547dc33a80ec1ea
Opcode Fuzzy Hash: 605d60309dea6e604a62bd9561c684a83e8ce224da069fe439ee4db99c6d6e4b
Instruction Fuzzy Hash: 1DC17E32B09A4689EB109F21E4E67BDB3A4FB86B9CF454535CA6E43385DF39E441C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42B2630 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5553d5271a4d2bacf48d275028e640c547d17988fc60d97ecf76782f124ca2a
Instruction ID: 0f3c347c6c9a024332c3c241b22500b025a67502d64625fa5233fb5081d7bb13
Opcode Fuzzy Hash: a5553d5271a4d2bacf48d275028e640c547d17988fc60d97ecf76782f124ca2a
Instruction Fuzzy Hash: DCB1A422B19B828AEB64DF15A4A537AB3A0FF86B88F140135DE4E47759DF3DE401C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42B3F00 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 970370bfd79cc7268b9b4b904b7d63f9f7c72394da26f30dfab5017e5cd68000
Instruction ID: aa5b5607b838aa280e95171e123b61fca78f39b9d40844c89d0f691b443e7b4a
Opcode Fuzzy Hash: 970370bfd79cc7268b9b4b904b7d63f9f7c72394da26f30dfab5017e5cd68000
Instruction Fuzzy Hash: D381E231F296428BE728DF15A5E5279B3A1FB86B88F504135CA5E47785CF3EF8118780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4282400 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5191f3b27a65f989f919400b2ccdcd9c286bf778964bbf686cc407a30b723b52
Instruction ID: f2dde1d950b6022339f51db1b5f36f3c9b87eeb80bb3335f981f9bbbb9d83bc2
Opcode Fuzzy Hash: 5191f3b27a65f989f919400b2ccdcd9c286bf778964bbf686cc407a30b723b52
Instruction Fuzzy Hash: 00712373F1829486D7648F02A0A5A7EB3A4FB897C8F458235EF8D43B46EB3DD4418B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42B00B0 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 716a08f81b6bf6996a3c42b7622cb0abdc174186b5ae87390f15f7f16881648c
Instruction ID: adcb8dbd7cb996e2a241039e91d03bc689f7072220a4c5ab1e955a766dd5402e
Opcode Fuzzy Hash: 716a08f81b6bf6996a3c42b7622cb0abdc174186b5ae87390f15f7f16881648c
Instruction Fuzzy Hash: 4C612722B18A468EEB568E1990E17BAE7A0FB4278CF108131DE4F43754EE39D946C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4295210 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eae9cf048cff673b38b5edd700252b1ac1ef4b796be271c02aa2690f502c24c8
Instruction ID: 95125acf7252e8d48a66b326a3aae2ad73a4a6c689572105005ab7facc26568e
Opcode Fuzzy Hash: eae9cf048cff673b38b5edd700252b1ac1ef4b796be271c02aa2690f502c24c8
Instruction Fuzzy Hash: 15419D63B0C2F106F7188E6654A227DFBC3A797395F548031DEA982685DDBED5828740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC426A7D0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 010a4c1b2f8deb803f3a9baa8151dbf271934a0292c842b0d9f99f4fa4a559f8
Instruction ID: 1da8b79b4fd4fbf524c47991008b67bb1fa84ed8b6acc71bde2461ac3df60bed
Opcode Fuzzy Hash: 010a4c1b2f8deb803f3a9baa8151dbf271934a0292c842b0d9f99f4fa4a559f8
Instruction Fuzzy Hash: 0E5146B37241648FD798CF2DC4A8E2D37E0E70E7017669429E648CBB45DA36E950CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42C9690 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6de2c5e02cc65a72cd14581a73bb3f02c113e198c9591479d55336f933b2bf22
Instruction ID: 1aa19fd810f7bda004caacd99e1d474e9cc0a4e91fa884a8dd81f7e17bd410d6
Opcode Fuzzy Hash: 6de2c5e02cc65a72cd14581a73bb3f02c113e198c9591479d55336f933b2bf22
Instruction Fuzzy Hash: 5A412372B0978185FE24DF16A2A6AAAB291FB86BC8F485134DF4D07B45DF3DE010D780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4283EB0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 553082bfef0daedf03aba20abd5fe315be8f3710eeae794a56f7633b0a8e19f0
Instruction ID: f2109a2292adff2a23afa1996794ba023cecf45deea9b23a87ef052999ff3434
Opcode Fuzzy Hash: 553082bfef0daedf03aba20abd5fe315be8f3710eeae794a56f7633b0a8e19f0
Instruction Fuzzy Hash: C331D463B1C2D502E719DF71A4E103FEA71FB8678DF05C235D69A82997DD5ED0068680

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4269660 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fde9e495acdf338fd88f7185edf6085142f2687bbbafc807d393a110f0e335c
Instruction ID: 5e0ea66d96788c63bf69bff0df339bfa1a7f837ca77f61d44c22266b12c43bdb
Opcode Fuzzy Hash: 0fde9e495acdf338fd88f7185edf6085142f2687bbbafc807d393a110f0e335c
Instruction Fuzzy Hash: 0B3194737242A08BD754CF29C561A6D7BE0F71AB44B949429D748C7B49CF39E920CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4274F70 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea8c51e40ef07cd324d479ad167c4ae98a29a17818686f96c73b5bac6e043ba
Instruction ID: f85fb02f63cc3b8e4d948ac5f83a11dc2312a5339945e97dd7dd7fd7ed0132b4
Opcode Fuzzy Hash: fea8c51e40ef07cd324d479ad167c4ae98a29a17818686f96c73b5bac6e043ba
Instruction Fuzzy Hash: B321EAC260F3D049EB01DBA984A23B9BFD0D767748F58D0A6D28846F57D60ED04BD790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4265200 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ab0e035b59a7daf827da9b481ce3767ca0e62a1bf8df7510d0006b555abb16
Instruction ID: bcc57a51914c90e5d4d689f2fbb90f7162e517e5325d608878131f3c119ec8bc
Opcode Fuzzy Hash: a3ab0e035b59a7daf827da9b481ce3767ca0e62a1bf8df7510d0006b555abb16
Instruction Fuzzy Hash: 1621C7C160B3C049EB41D7A994923B96FD0D767788F54E0A6D18846F5BD60ED04BD390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425D814 Relevance: 107.7, APIs: 86, Instructions: 180COMMONLIBRARYCODE

Download Yara Rule

APIs

free.LIBCMT ref: 00007FFDC425D829

Part of subcall function 00007FFDC4251EB8: HeapFree.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251ECE
Part of subcall function 00007FFDC4251EB8: _errno.LIBCMT ref: 00007FFDC4251ED8
Part of subcall function 00007FFDC4251EB8: GetLastError.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251EE0

free.LIBCMT ref: 00007FFDC425D832
free.LIBCMT ref: 00007FFDC425D83B
free.LIBCMT ref: 00007FFDC425D844
free.LIBCMT ref: 00007FFDC425D84D
free.LIBCMT ref: 00007FFDC425D856
free.LIBCMT ref: 00007FFDC425D85E
free.LIBCMT ref: 00007FFDC425D867
free.LIBCMT ref: 00007FFDC425D870
free.LIBCMT ref: 00007FFDC425D879
free.LIBCMT ref: 00007FFDC425D882
free.LIBCMT ref: 00007FFDC425D88B
free.LIBCMT ref: 00007FFDC425D894
free.LIBCMT ref: 00007FFDC425D89D
free.LIBCMT ref: 00007FFDC425D8A6
free.LIBCMT ref: 00007FFDC425D8AF
free.LIBCMT ref: 00007FFDC425D8BB
free.LIBCMT ref: 00007FFDC425D8C7
free.LIBCMT ref: 00007FFDC425D8D3
free.LIBCMT ref: 00007FFDC425D8DF
free.LIBCMT ref: 00007FFDC425D8EB
free.LIBCMT ref: 00007FFDC425D8F7
free.LIBCMT ref: 00007FFDC425D903
free.LIBCMT ref: 00007FFDC425D90F
free.LIBCMT ref: 00007FFDC425D91B
free.LIBCMT ref: 00007FFDC425D927
free.LIBCMT ref: 00007FFDC425D933
free.LIBCMT ref: 00007FFDC425D93F
free.LIBCMT ref: 00007FFDC425D94B
free.LIBCMT ref: 00007FFDC425D957
free.LIBCMT ref: 00007FFDC425D963
free.LIBCMT ref: 00007FFDC425D96F
free.LIBCMT ref: 00007FFDC425D97B
free.LIBCMT ref: 00007FFDC425D987
free.LIBCMT ref: 00007FFDC425D993
free.LIBCMT ref: 00007FFDC425D99F
free.LIBCMT ref: 00007FFDC425D9AB
free.LIBCMT ref: 00007FFDC425D9B7
free.LIBCMT ref: 00007FFDC425D9C3
free.LIBCMT ref: 00007FFDC425D9CF
free.LIBCMT ref: 00007FFDC425D9DB
free.LIBCMT ref: 00007FFDC425D9E7
free.LIBCMT ref: 00007FFDC425D9F3
free.LIBCMT ref: 00007FFDC425D9FF
free.LIBCMT ref: 00007FFDC425DA0B
free.LIBCMT ref: 00007FFDC425DA17
free.LIBCMT ref: 00007FFDC425DA23
free.LIBCMT ref: 00007FFDC425DA2F
free.LIBCMT ref: 00007FFDC425DA3B
free.LIBCMT ref: 00007FFDC425DA47
free.LIBCMT ref: 00007FFDC425DA53
free.LIBCMT ref: 00007FFDC425DA5F
free.LIBCMT ref: 00007FFDC425DA6B
free.LIBCMT ref: 00007FFDC425DA77
free.LIBCMT ref: 00007FFDC425DA83
free.LIBCMT ref: 00007FFDC425DA8F
free.LIBCMT ref: 00007FFDC425DA9B
free.LIBCMT ref: 00007FFDC425DAA7
free.LIBCMT ref: 00007FFDC425DAB3
free.LIBCMT ref: 00007FFDC425DABF
free.LIBCMT ref: 00007FFDC425DACB
free.LIBCMT ref: 00007FFDC425DAD7
free.LIBCMT ref: 00007FFDC425DAE3
free.LIBCMT ref: 00007FFDC425DAEF
free.LIBCMT ref: 00007FFDC425DAFB
free.LIBCMT ref: 00007FFDC425DB07
free.LIBCMT ref: 00007FFDC425DB13
free.LIBCMT ref: 00007FFDC425DB1F
free.LIBCMT ref: 00007FFDC425DB2B
free.LIBCMT ref: 00007FFDC425DB37
free.LIBCMT ref: 00007FFDC425DB43
free.LIBCMT ref: 00007FFDC425DB4F
free.LIBCMT ref: 00007FFDC425DB5B
free.LIBCMT ref: 00007FFDC425DB67
free.LIBCMT ref: 00007FFDC425DB73
free.LIBCMT ref: 00007FFDC425DB7F
free.LIBCMT ref: 00007FFDC425DB8B
free.LIBCMT ref: 00007FFDC425DB97
free.LIBCMT ref: 00007FFDC425DBA3
free.LIBCMT ref: 00007FFDC425DBAF
free.LIBCMT ref: 00007FFDC425DBBB
free.LIBCMT ref: 00007FFDC425DBC7
free.LIBCMT ref: 00007FFDC425DBD3
free.LIBCMT ref: 00007FFDC425DBDF
free.LIBCMT ref: 00007FFDC425DBEB
free.LIBCMT ref: 00007FFDC425DBF7

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: free$ErrorFreeHeapLast_errno
String ID:
API String ID: 1012874770-0
Opcode ID: 809810c852bde380cab9d7630b300065215d843d023a40d266d4de4e5196b2cf
Instruction ID: 4ca79d592c33c923f2731a5ee9d878593c6cabd44d7d96495a2bd325440b6a48
Opcode Fuzzy Hash: 809810c852bde380cab9d7630b300065215d843d023a40d266d4de4e5196b2cf
Instruction Fuzzy Hash: ECA15423F1954685EB41AE31C8E66FC5361AF8BB4CFC44232DA4D6A7A7CE26D845C3D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42592B8 Relevance: 19.6, APIs: 13, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

__free_lconv_mon.LIBCMT ref: 00007FFDC4259310

Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DC8E
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DCA0
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DCB2
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DCC4
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DCD6
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DCE8
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DCFA
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DD0C
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DD1E
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DD30
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DD45
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DD5A
Part of subcall function 00007FFDC425DC70: free.LIBCMT ref: 00007FFDC425DD6F

free.LIBCMT ref: 00007FFDC4259304

Part of subcall function 00007FFDC4251EB8: HeapFree.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251ECE
Part of subcall function 00007FFDC4251EB8: _errno.LIBCMT ref: 00007FFDC4251ED8
Part of subcall function 00007FFDC4251EB8: GetLastError.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251EE0

free.LIBCMT ref: 00007FFDC4259326
__free_lconv_num.LIBCMT ref: 00007FFDC4259332
free.LIBCMT ref: 00007FFDC425933E
free.LIBCMT ref: 00007FFDC425934A
free.LIBCMT ref: 00007FFDC425936E
free.LIBCMT ref: 00007FFDC4259382
free.LIBCMT ref: 00007FFDC4259391
free.LIBCMT ref: 00007FFDC425939D
free.LIBCMT ref: 00007FFDC42593CA
free.LIBCMT ref: 00007FFDC42593F2
free.LIBCMT ref: 00007FFDC425940C

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: free$ErrorFreeHeapLast__free_lconv_mon__free_lconv_num_errno
String ID:
API String ID: 518839503-0
Opcode ID: 547abd55b12b105ac8436d24506e24082842f2b18bae65b4778f2d7432ad5f90
Instruction ID: e63f6768e8efb1ca80ab77df409a1fcebacdae60f594e9def19d72815984eacb
Opcode Fuzzy Hash: 547abd55b12b105ac8436d24506e24082842f2b18bae65b4778f2d7432ad5f90
Instruction Fuzzy Hash: 6741CC32B0A542D4EF559F25C4E23BCA2A0AF86B5CF484135DA0D567E5CF3EE881D390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4279E00 Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 44COMMON

Download Yara Rule

APIs

OutputDebugStringA.KERNEL32 ref: 00007FFDC4279E2A
OutputDebugStringA.KERNEL32 ref: 00007FFDC4279E46
_snprintf.LIBCMT ref: 00007FFDC4279E7F
OutputDebugStringA.KERNEL32 ref: 00007FFDC4279E89
OutputDebugStringA.KERNEL32 ref: 00007FFDC4279EA7

Strings

invalid ICLRRuntimeHost., xrefs: 00007FFDC4279E3F
<unknown>, xrefs: 00007FFDC4279E63
eeeSdk1: %s HRESULT 0x%016X, xrefs: 00007FFDC4279E6A
invalid ICLRRuntimeHost pointer., xrefs: 00007FFDC4279E23
done with cleanup., xrefs: 00007FFDC4279E99

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: DebugOutputString$_snprintf
String ID: <unknown>$done with cleanup.$eeeSdk1: %s HRESULT 0x%016X$invalid ICLRRuntimeHost pointer.$invalid ICLRRuntimeHost.
API String ID: 2900233425-3439405060
Opcode ID: 55591127f8b7b22d184edce36c45b681b20f9d42f03d0e0efc0cf9ee65425c25
Instruction ID: 63e4dd95366d185c6941a380dc0cb14232aa68b90081c2319931a03db66e5180
Opcode Fuzzy Hash: 55591127f8b7b22d184edce36c45b681b20f9d42f03d0e0efc0cf9ee65425c25
Instruction Fuzzy Hash: 09113A21B59A4282FB15FF60E8B63BA6360FF8AB0CF804136D90E462A5DF3DD414C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4261514 Relevance: 15.2, APIs: 10, Instructions: 250COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDC42618BE), ref: 00007FFDC4261607
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDC42618BE), ref: 00007FFDC4261686
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDC42618BE), ref: 00007FFDC426172D
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDC42618BE), ref: 00007FFDC4261753

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: 2c5de0abbca34a10c582a4a981c985b3a8ddcce7447de6eea3d0b321ae24e86b
Instruction ID: 63e2502248b5baf5134e11507e407219c2ad08a6426b86ec2b731296a7d7c756
Opcode Fuzzy Hash: 2c5de0abbca34a10c582a4a981c985b3a8ddcce7447de6eea3d0b321ae24e86b
Instruction Fuzzy Hash: 84A1D662F08B8249FB619F9584A22B9E692AB427BCF584235D95D477C4DF3EF844C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4259504 Relevance: 15.2, APIs: 10, Instructions: 206COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC4259841), ref: 00007FFDC425959E
malloc.LIBCMT ref: 00007FFDC4259607
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC4259841), ref: 00007FFDC425963B
LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC4259841), ref: 00007FFDC4259662
LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC4259841), ref: 00007FFDC42596AA
malloc.LIBCMT ref: 00007FFDC4259707

Part of subcall function 00007FFDC425BD4C: _FF_MSGBANNER.LIBCMT ref: 00007FFDC425BD7C
Part of subcall function 00007FFDC425BD4C: RtlAllocateHeap.NTDLL(?,?,00000000,00007FFDC4256E00,?,?,atan2,00007FFDC425BA25,?,?,?,00007FFDC425BACF,?,?,00000000,00007FFDC4257089), ref: 00007FFDC425BDA1
Part of subcall function 00007FFDC425BD4C: _callnewh.LIBCMT ref: 00007FFDC425BDBA
Part of subcall function 00007FFDC425BD4C: _errno.LIBCMT ref: 00007FFDC425BDC5
Part of subcall function 00007FFDC425BD4C: _errno.LIBCMT ref: 00007FFDC425BDD0

LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC4259841), ref: 00007FFDC425973C
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDC4259841), ref: 00007FFDC425977C
free.LIBCMT ref: 00007FFDC4259790
free.LIBCMT ref: 00007FFDC42597A1

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiStringWide$_errnofreemalloc$AllocateHeap_callnewh
String ID:
API String ID: 1390791636-0
Opcode ID: 9d1868bb890ea43fd198147fbff9d5c493680baa4ddf9e3b4bc6f6f82edc24d2
Instruction ID: 4d7f750986ca07cee1a7caa271ec0cd72fe00dbf1e4bb619e757d13aab09d5f7
Opcode Fuzzy Hash: 9d1868bb890ea43fd198147fbff9d5c493680baa4ddf9e3b4bc6f6f82edc24d2
Instruction Fuzzy Hash: 3981C472B0874286EB249F25D4A1179B795FB4ABECF540236EA1D47BD4DF3ED4008740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425CC24 Relevance: 15.1, APIs: 10, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC425CC6B
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425CC77
_errno.LIBCMT ref: 00007FFDC425CCC1
_errno.LIBCMT ref: 00007FFDC425CCCC
_errno.LIBCMT ref: 00007FFDC425CCFE
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425CD08
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000001FE,?,00007FFDC425CDF7), ref: 00007FFDC425CD7A
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000001FE,?,00007FFDC425CDF7), ref: 00007FFDC425CD97
_errno.LIBCMT ref: 00007FFDC425CDBD
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425CDC9

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo$ByteCharErrorLastMultiWide
String ID:
API String ID: 2295021086-0
Opcode ID: 31cd8b450a0b35a2b16bd9a65ac54c9872a86a483702e7b93ff0c1ad13928e4e
Instruction ID: 851b93ff6921ad900049715a799964d253f13fb274c52a80a41c2cdf8ff0c717
Opcode Fuzzy Hash: 31cd8b450a0b35a2b16bd9a65ac54c9872a86a483702e7b93ff0c1ad13928e4e
Instruction Fuzzy Hash: 7E51D432F096424AFB619F62C4E23BCA6B0EF427ADF144132DA1D47AD5EF3E94418790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4259DEC Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 00007FFDC4259E0D

Part of subcall function 00007FFDC4256E50: Sleep.KERNEL32(?,?,atan2,00007FFDC425711B,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4256E95

GetFileType.KERNEL32 ref: 00007FFDC4259F78
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFDC4259FB6

Strings

@, xrefs: 00007FFDC425A071

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: CountCriticalFileInfoInitializeSectionSleepSpinStartupType
String ID: @
API String ID: 3473179607-2766056989
Opcode ID: 4e25f2353cf09f72b35b8ebfaf02b3faaf6a627115772c98c4ab1ae07d716979
Instruction ID: 662d8eba4b6cd39f56f322ede16f831acd55680d1467dab6b5cc0739c8c2625e
Opcode Fuzzy Hash: 4e25f2353cf09f72b35b8ebfaf02b3faaf6a627115772c98c4ab1ae07d716979
Instruction Fuzzy Hash: 9D818E21B4978286EB149F24D4E5329B6A0FB46B7CF148335DA7E422E0EF7DE455D380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425876C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.LIBCMT ref: 00007FFDC4258795

Part of subcall function 00007FFDC425BAAC: _amsg_exit.LIBCMT ref: 00007FFDC425BAD6

DecodePointer.KERNEL32(?,?,?,?,?,atan2,00000000,00007FFDC425893D,?,?,00000000,00007FFDC425BADB,?,?,00000000,00007FFDC4257089), ref: 00007FFDC42587C8
DecodePointer.KERNEL32(?,?,?,?,?,atan2,00000000,00007FFDC425893D,?,?,00000000,00007FFDC425BADB,?,?,00000000,00007FFDC4257089), ref: 00007FFDC42587E6
DecodePointer.KERNEL32(?,?,?,?,?,atan2,00000000,00007FFDC425893D,?,?,00000000,00007FFDC425BADB,?,?,00000000,00007FFDC4257089), ref: 00007FFDC4258826
DecodePointer.KERNEL32(?,?,?,?,?,atan2,00000000,00007FFDC425893D,?,?,00000000,00007FFDC425BADB,?,?,00000000,00007FFDC4257089), ref: 00007FFDC4258840
DecodePointer.KERNEL32(?,?,?,?,?,atan2,00000000,00007FFDC425893D,?,?,00000000,00007FFDC425BADB,?,?,00000000,00007FFDC4257089), ref: 00007FFDC4258850
ExitProcess.KERNEL32 ref: 00007FFDC42588DC

Strings

atan2, xrefs: 00007FFDC425877C

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: DecodePointer$ExitProcess_amsg_exit_lock
String ID: atan2
API String ID: 3411037476-4237371541
Opcode ID: fb52711732282ce2bb619b1cb9bdf4e94d129371bfd9413ad2abe3dcd273a813
Instruction ID: ae6424c595532b2e5627f185c50f201c1260d8ea364a443fdf52a9b397b528fe
Opcode Fuzzy Hash: fb52711732282ce2bb619b1cb9bdf4e94d129371bfd9413ad2abe3dcd273a813
Instruction Fuzzy Hash: ED418031B8A74681F650AF51E8E6139B6A4FF8A7CCF140535E94D037A5DFBDE4508780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425C83C Relevance: 10.6, APIs: 7, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FFDC425C85F
_errno.LIBCMT ref: 00007FFDC425C867

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 2fa57e2fcc4efe909a0990f5cdbc1391920dba67399af1543188538cd6affbdb
Instruction ID: 4c33ead7ab886c1d91fa4f1f29d1f86349818d264ad42434e3dcb0f82fe79cca
Opcode Fuzzy Hash: 2fa57e2fcc4efe909a0990f5cdbc1391920dba67399af1543188538cd6affbdb
Instruction Fuzzy Hash: 4321F222B1C10245F3166F1698F737DF6506F827AEF090536EA1C472D2DF7EA4418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4261EC8 Relevance: 10.6, APIs: 7, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC4261EE1
FlushFileBuffers.KERNEL32(?,00000000,00000000,00007FFDC425EFB2,?,?,00000001,00007FFDC425F05B,?,?,?,?,?,00007FFDC425CAC1), ref: 00007FFDC4261F44
GetLastError.KERNEL32(?,00000000,00000000,00007FFDC425EFB2,?,?,00000001,00007FFDC425F05B,?,?,?,?,?,00007FFDC425CAC1), ref: 00007FFDC4261F4E
__doserrno.LIBCMT ref: 00007FFDC4261F5E
_errno.LIBCMT ref: 00007FFDC4261F65

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$BuffersErrorFileFlushLast__doserrno
String ID:
API String ID: 1845094721-0
Opcode ID: 7ae9868878e6c0430af00d5580c905db3ad2100750218a0723abe30464d28ab9
Instruction ID: 329774c927ce9d4266c5a92bb1399032a07b8f42fceec824bffe4128e429f34f
Opcode Fuzzy Hash: 7ae9868878e6c0430af00d5580c905db3ad2100750218a0723abe30464d28ab9
Instruction Fuzzy Hash: B5219F21B0CB4345F6156FA5A8F63BDB6609F827ADF180538EA1D062D6CFADB84187D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4258F80 Relevance: 9.1, APIs: 6, Instructions: 118COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.LIBCMT ref: 00007FFDC4258F9F

Part of subcall function 00007FFDC425716C: _amsg_exit.LIBCMT ref: 00007FFDC4257182

Part of subcall function 00007FFDC4258BBC: _getptd.LIBCMT ref: 00007FFDC4258BC6
Part of subcall function 00007FFDC4258BBC: _amsg_exit.LIBCMT ref: 00007FFDC4258C63

Part of subcall function 00007FFDC4258C78: GetOEMCP.KERNEL32(?,?,?,?,?,?,?,00007FFDC4258FBA,?,?,?,?,?,00007FFDC4259177), ref: 00007FFDC4258CA2

Part of subcall function 00007FFDC4256DD0: malloc.LIBCMT ref: 00007FFDC4256DFB
Part of subcall function 00007FFDC4256DD0: Sleep.KERNEL32(?,?,atan2,00007FFDC425BA25,?,?,?,00007FFDC425BACF,?,?,00000000,00007FFDC4257089,?,?,00000000,00007FFDC4257140), ref: 00007FFDC4256E0E

free.LIBCMT ref: 00007FFDC425902A

Part of subcall function 00007FFDC4251EB8: HeapFree.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251ECE
Part of subcall function 00007FFDC4251EB8: _errno.LIBCMT ref: 00007FFDC4251ED8
Part of subcall function 00007FFDC4251EB8: GetLastError.KERNEL32(?,?,00000000,00007FFDC4257154,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4251EE0

_lock.LIBCMT ref: 00007FFDC425905A
free.LIBCMT ref: 00007FFDC42590FD
free.LIBCMT ref: 00007FFDC4259129
_errno.LIBCMT ref: 00007FFDC425912E

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: free$_amsg_exit_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
String ID:
API String ID: 3894533514-0
Opcode ID: 0ed002b9e781ad307c5057b621fd28eb0afc452a32badea5c4e3c342e612a4fc
Instruction ID: 59bb7fd74c9dac491992fc5b43cc100d26e54423d1700262d749a228ad47372f
Opcode Fuzzy Hash: 0ed002b9e781ad307c5057b621fd28eb0afc452a32badea5c4e3c342e612a4fc
Instruction Fuzzy Hash: 6951C532B0864282E754AF21D4A227AF7A1FF86B4CF548136CA5E47396CF7EE441D790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4252D18 Relevance: 9.1, APIs: 6, Instructions: 63threadCOMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC4252D43
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC4252D4E
_getptd.LIBCMT ref: 00007FFDC4252D74
CreateThread.KERNEL32 ref: 00007FFDC4252DC9
GetLastError.KERNEL32 ref: 00007FFDC4252DD4
free.LIBCMT ref: 00007FFDC4252DDF

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: CreateErrorLastThread_errno_getptd_invalid_parameter_noinfofree
String ID:
API String ID: 3283625137-0
Opcode ID: 3db5457fa67562ad5f42829d7e3f72f67d7bbfba9f1174799cdc393c1d3f979a
Instruction ID: 50daa664365f52d8aeef296871fb3705e03c8c386a9bd498a15c46a6004a03d0
Opcode Fuzzy Hash: 3db5457fa67562ad5f42829d7e3f72f67d7bbfba9f1174799cdc393c1d3f979a
Instruction Fuzzy Hash: CF21B831B0978185E604EF95E9A226AF290FF85B9CF444235EE5C437D6CF3DE4508B90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42623E8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FFDC4262401
_errno.LIBCMT ref: 00007FFDC4262409

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 4182367a1f8d6a3c074da3e32ecdb82729c2a687e6af2c171c07703ecc793e65
Instruction ID: faf909ea372f3a2bce58f1c61e4aa82264148f37d5497907d4225e7db8ed3577
Opcode Fuzzy Hash: 4182367a1f8d6a3c074da3e32ecdb82729c2a687e6af2c171c07703ecc793e65
Instruction Fuzzy Hash: 6F11CD32F0C28245F2157FA4A8F63FDB650AF827BDF590934E91D076C2CE6EA44087A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42570E8 Relevance: 9.0, APIs: 6, Instructions: 37threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846,?,?,?,?,00007FFDC4255421), ref: 00007FFDC42570F2
FlsGetValue.KERNEL32(?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846,?,?,?,?,00007FFDC4255421), ref: 00007FFDC4257100
SetLastError.KERNEL32(?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846,?,?,?,?,00007FFDC4255421), ref: 00007FFDC4257158

Part of subcall function 00007FFDC4256E50: Sleep.KERNEL32(?,?,atan2,00007FFDC425711B,?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846), ref: 00007FFDC4256E95

FlsSetValue.KERNEL32(?,?,7FF0000000000000,00007FFDC4252BC9,?,?,?,?,00007FFDC425B846,?,?,?,?,00007FFDC4255421), ref: 00007FFDC425712C
free.LIBCMT ref: 00007FFDC425714F

Part of subcall function 00007FFDC4257030: _lock.LIBCMT ref: 00007FFDC4257084
Part of subcall function 00007FFDC4257030: _lock.LIBCMT ref: 00007FFDC42570A3

GetCurrentThreadId.KERNEL32 ref: 00007FFDC4257140

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: ErrorLastValue_lock$CurrentSleepThreadfree
String ID:
API String ID: 3106088686-0
Opcode ID: e6ff27567b3fa0b6b1b16187dff0f4ed7aabaedbfd0ca2c2b1f22c1ea6afe5d4
Instruction ID: 54325c061e83228ae2e9a1aa38656ebc94b8c5f742f6167f0508bf0b578a70c5
Opcode Fuzzy Hash: e6ff27567b3fa0b6b1b16187dff0f4ed7aabaedbfd0ca2c2b1f22c1ea6afe5d4
Instruction Fuzzy Hash: 9A01B920F8A70342FB04BF6194F643972919FCAB6CF548234C96D033C1DE3CE8408690

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4310510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDC427A860: GetModuleHandleW.KERNEL32 ref: 00007FFDC427A8AF
Part of subcall function 00007FFDC427A860: OutputDebugStringA.KERNEL32 ref: 00007FFDC427A8C8
Part of subcall function 00007FFDC427A860: GetProcAddress.KERNEL32 ref: 00007FFDC427A8D8
Part of subcall function 00007FFDC427A860: OutputDebugStringA.KERNEL32 ref: 00007FFDC427AAE3
Part of subcall function 00007FFDC427A860: _snprintf.LIBCMT ref: 00007FFDC427AB64
Part of subcall function 00007FFDC427A860: OutputDebugStringA.KERNEL32 ref: 00007FFDC427AB6E

_snprintf.LIBCMT ref: 00007FFDC43105A3
OutputDebugStringA.KERNEL32 ref: 00007FFDC43105AD
OutputDebugStringA.KERNEL32 ref: 00007FFDC43105DE

Part of subcall function 00007FFDC4279ED0: OutputDebugStringA.KERNEL32 ref: 00007FFDC4279F68
Part of subcall function 00007FFDC4279ED0: OutputDebugStringA.KERNEL32 ref: 00007FFDC427A78D
Part of subcall function 00007FFDC4279ED0: HeapFree.KERNEL32 ref: 00007FFDC427A7DC
Part of subcall function 00007FFDC4279ED0: _snprintf.LIBCMT ref: 00007FFDC427A814
Part of subcall function 00007FFDC4279ED0: OutputDebugStringA.KERNEL32 ref: 00007FFDC427A81E

Strings

API called without license: %ld (0x%lx), xrefs: 00007FFDC431058B
API called without activation, xrefs: 00007FFDC43105D7, 00007FFDC43105E4

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: DebugOutputString$_snprintf$AddressFreeHandleHeapModuleProc
String ID: API called without activation$API called without license: %ld (0x%lx)
API String ID: 2884571555-1210341260
Opcode ID: 401136aeefbb003f88e2f031dd7e26aad4bf3eab7edbca8be367336afb95ce7c
Instruction ID: 3c0e55eebd8142dfa5bb403f3b12dc38d4ddeabe9c8b4e59e19c2d5cfd7f635c
Opcode Fuzzy Hash: 401136aeefbb003f88e2f031dd7e26aad4bf3eab7edbca8be367336afb95ce7c
Instruction Fuzzy Hash: 02418D21B8C64682FA11BF21E8B57BA6270EFD7B8CF140032E94E47A95DF2DE445D780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4257448 Relevance: 7.6, APIs: 5, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.LIBCMT ref: 00007FFDC4257465

Part of subcall function 00007FFDC425CBE4: _errno.LIBCMT ref: 00007FFDC425CBED
Part of subcall function 00007FFDC425CBE4: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425CBF8

_errno.LIBCMT ref: 00007FFDC4257475
_errno.LIBCMT ref: 00007FFDC4257491
_isatty.LIBCMT ref: 00007FFDC42574F2
_getbuf.LIBCMT ref: 00007FFDC42574FE

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$_fileno_getbuf_invalid_parameter_noinfo_isatty
String ID:
API String ID: 2574049805-0
Opcode ID: 42116ed48073fbc8cb8c176749aa27962a357a8dc79f9af7ed3fa91853591fda
Instruction ID: c159c3fbe529336ac8eb390e7b87ef6c9cb003e7bc3df7ba66a92c6b618b22a0
Opcode Fuzzy Hash: 42116ed48073fbc8cb8c176749aa27962a357a8dc79f9af7ed3fa91853591fda
Instruction Fuzzy Hash: 7241E572F1870645EB14DF29C4A2278B6A0EB86B9CF140235DAAD473D6DE3DE841C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425D634 Relevance: 7.6, APIs: 5, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,?,00000000,00000000,0000000A,00000008,?,00007FFDC425D7EF), ref: 00007FFDC425D68E
malloc.LIBCMT ref: 00007FFDC425D6F2
MultiByteToWideChar.KERNEL32(?,?,00000000,00000000,0000000A,00000008,?,00007FFDC425D7EF), ref: 00007FFDC425D73A
GetStringTypeW.KERNEL32(?,?,00000000,00000000,0000000A,00000008,?,00007FFDC425D7EF), ref: 00007FFDC425D751
free.LIBCMT ref: 00007FFDC425D765

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiWide$StringTypefreemalloc
String ID:
API String ID: 307345228-0
Opcode ID: eda2e52c1c6387d6625c1a0dcae2b05c1950a666517687c84596c333ebf2595d
Instruction ID: 5c05b33a1cb6d61e722087e43e16501dc4ef4bf1a3e576e9c51298cab80d8c46
Opcode Fuzzy Hash: eda2e52c1c6387d6625c1a0dcae2b05c1950a666517687c84596c333ebf2595d
Instruction Fuzzy Hash: 5541C222B15B4186EB109F2598A15B9B3D4FF4ABACF588231EE2D477D4DF3DE4018780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D3850 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D38FE
_errno.LIBCMT ref: 00007FFDC42D3909
pow.LIBCMT ref: 00007FFDC42D391B
_errno.LIBCMT ref: 00007FFDC42D3941
_errno.LIBCMT ref: 00007FFDC42D3949

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: cb206d23922051ce9230e2ce20d481ed2bf5cbd3a117731a444823383714976e
Instruction ID: 196671ac37c75631ca7ed4873364d24ac5ce100603102ac99b564218c0c03e30
Opcode Fuzzy Hash: cb206d23922051ce9230e2ce20d481ed2bf5cbd3a117731a444823383714976e
Instruction Fuzzy Hash: 6441B722B0DA4184E6115F29E0A33BEB760AF86B8CF145332EA4D562D5DF3EE453C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D47B0 Relevance: 7.6, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D4809
_errno.LIBCMT ref: 00007FFDC42D4814
log.LIBCMT ref: 00007FFDC42D4836
_errno.LIBCMT ref: 00007FFDC42D485E
_errno.LIBCMT ref: 00007FFDC42D4866

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 623eeb00712e4972e1ac596d5c29190679f7573fbc7fee4b772fd4f57030d139
Instruction ID: 76784d9cebcb13065a04d78729c113d03c8651c45fbef86342954e556f1ce574
Opcode Fuzzy Hash: 623eeb00712e4972e1ac596d5c29190679f7573fbc7fee4b772fd4f57030d139
Instruction Fuzzy Hash: BE31D422F19A8281E6125F34E4A237EA360AF927DCF118331EA1E172D1DF3DE452C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D48E0 Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D4939
_errno.LIBCMT ref: 00007FFDC42D4944
log.LIBCMT ref: 00007FFDC42D4967
_errno.LIBCMT ref: 00007FFDC42D4987
_errno.LIBCMT ref: 00007FFDC42D498F

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 4baf83719be503ae4c8dcdd0a0057b1a96a9f18907d39934e474741ac348b30a
Instruction ID: 39920f3b2f1399201f59a81a8576af4a2f552c7fe4504c29d0bd4ef921cb9b9b
Opcode Fuzzy Hash: 4baf83719be503ae4c8dcdd0a0057b1a96a9f18907d39934e474741ac348b30a
Instruction Fuzzy Hash: 68310922B09A4280E7119F35E0A33BEA350AF92B9CF019331EA5E172D5DF3DE552C794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4A00 Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D4A59
_errno.LIBCMT ref: 00007FFDC42D4A64
log.LIBCMT ref: 00007FFDC42D4A87
_errno.LIBCMT ref: 00007FFDC42D4AA7
_errno.LIBCMT ref: 00007FFDC42D4AAF

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 116d8c711abd44fec274e21e2a8eb764e5cf81cb31da0d62215ab023893bc249
Instruction ID: 88fe59ec81458884b8ee7f7d1838840cfd98ef07a0b103d12d6b3eddb17a2067
Opcode Fuzzy Hash: 116d8c711abd44fec274e21e2a8eb764e5cf81cb31da0d62215ab023893bc249
Instruction Fuzzy Hash: 2431D722B09A4185E6115F24E1B237EA360AF9279CF119331EA5D173D1DF3DE452C794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC429D290 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

log.LIBCMT ref: 00007FFDC429D31B
log.LIBCMT ref: 00007FFDC429D339
log.LIBCMT ref: 00007FFDC429D358
log.LIBCMT ref: 00007FFDC429D35F
log10.LIBCMT ref: 00007FFDC429D36E

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: log10
String ID:
API String ID: 1421435071-0
Opcode ID: fceb4ad4d641e2b2f774d37cffa31cc30349a1384261cb4bacecb5bed56760c7
Instruction ID: 17886f829e5246709df3495e7ffea0922ae5363f49e637b4acad7b2f6de011e0
Opcode Fuzzy Hash: fceb4ad4d641e2b2f774d37cffa31cc30349a1384261cb4bacecb5bed56760c7
Instruction Fuzzy Hash: 43316311F2C98284EA15AF3590E31BDD354AFB378EF148732E94E231A6CF1EE4536684

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425D240 Relevance: 7.6, APIs: 5, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,00007FFDC425D355,?,?,?,?,00007FFDC4258712,?,?,?,00007FFDC4254D69), ref: 00007FFDC425D269
DecodePointer.KERNEL32(?,?,?,00007FFDC425D355,?,?,?,?,00007FFDC4258712,?,?,?,00007FFDC4254D69), ref: 00007FFDC425D279

Part of subcall function 00007FFDC425EA44: _errno.LIBCMT ref: 00007FFDC425EA4D
Part of subcall function 00007FFDC425EA44: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425EA58

EncodePointer.KERNEL32(?,?,?,00007FFDC425D355,?,?,?,?,00007FFDC4258712,?,?,?,00007FFDC4254D69), ref: 00007FFDC425D2F7

Part of subcall function 00007FFDC4256ED4: realloc.LIBCMT ref: 00007FFDC4256EFF
Part of subcall function 00007FFDC4256ED4: Sleep.KERNEL32(?,?,00000000,00007FFDC425D2E7,?,?,?,00007FFDC425D355,?,?,?,?,00007FFDC4258712), ref: 00007FFDC4256F1B

EncodePointer.KERNEL32(?,?,?,00007FFDC425D355,?,?,?,?,00007FFDC4258712,?,?,?,00007FFDC4254D69), ref: 00007FFDC425D307
EncodePointer.KERNEL32(?,?,?,00007FFDC425D355,?,?,?,?,00007FFDC4258712,?,?,?,00007FFDC4254D69), ref: 00007FFDC425D314

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: Pointer$Encode$Decode$Sleep_errno_invalid_parameter_noinforealloc
String ID:
API String ID: 1909145217-0
Opcode ID: 8d390023c4c213198b07db4bb324ebc6b8fbfc10ab091cb028ce68477e53e028
Instruction ID: 7270e948478f013d1d3877d6a2e4d65796ce6404cc878c2c00bdad518399b989
Opcode Fuzzy Hash: 8d390023c4c213198b07db4bb324ebc6b8fbfc10ab091cb028ce68477e53e028
Instruction Fuzzy Hash: 9921AD20B9A78291EA00AF61F9E6179F260BF86BCCB448835D90D07395EE7DE041C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4590 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D45E9
_errno.LIBCMT ref: 00007FFDC42D45F4
$pdata$_XMMI_FP_Emulation.LIBCMT ref: 00007FFDC42D4602
_errno.LIBCMT ref: 00007FFDC42D4622
_errno.LIBCMT ref: 00007FFDC42D462A

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$$pdata$_Emulation
String ID:
API String ID: 2034963834-0
Opcode ID: 19e932a39c08b9584448e799256441380befc107241075baae3beefba2a7301a
Instruction ID: c8928bb1d55343c1263f27c6a0ef969494fed0d4a27c3693ed0cc6788f162738
Opcode Fuzzy Hash: 19e932a39c08b9584448e799256441380befc107241075baae3beefba2a7301a
Instruction Fuzzy Hash: 82210522B09A4281E6115F28E0A337EA350AF92BDCF045331EA5E173D1DF3EE552CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D46A0 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D46F9
_errno.LIBCMT ref: 00007FFDC42D4704
$pdata$_XMMI_FP_Emulation.LIBCMT ref: 00007FFDC42D4712
_errno.LIBCMT ref: 00007FFDC42D4732
_errno.LIBCMT ref: 00007FFDC42D473A

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$$pdata$_Emulation
String ID:
API String ID: 2034963834-0
Opcode ID: d7ce664eec3c476f1d3e1ec43f5054ef8d2275e44b23259bfe64eb42d8ee0a14
Instruction ID: b10d946c58818963fc5e6d43cb55855bd5bf0060702b001e332309bfc3082955
Opcode Fuzzy Hash: d7ce664eec3c476f1d3e1ec43f5054ef8d2275e44b23259bfe64eb42d8ee0a14
Instruction Fuzzy Hash: EB21E862B09A4181E7115F28E4A237EA350AF82B9CF045331DA5E173D2DF7EE452CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D3CF0 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D3D49
_errno.LIBCMT ref: 00007FFDC42D3D54
log10.LIBCMT ref: 00007FFDC42D3D62
_errno.LIBCMT ref: 00007FFDC42D3D82
_errno.LIBCMT ref: 00007FFDC42D3D8A

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$log10
String ID:
API String ID: 2389301657-0
Opcode ID: fe6c0a5cf55d3895ef8d40b11c73c20f9a520214102e42bb945358988c966deb
Instruction ID: 802dfb001b7604013e4c42d6a29fe679fa73d21c3f1312040067d3eef31191c1
Opcode Fuzzy Hash: fe6c0a5cf55d3895ef8d40b11c73c20f9a520214102e42bb945358988c966deb
Instruction Fuzzy Hash: EF21E822B09A4181E6115F25E0A337EA350AF82B9CF005231DA5E5B3D1DF7EE452CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D3E00 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D3E59
_errno.LIBCMT ref: 00007FFDC42D3E64
log.LIBCMT ref: 00007FFDC42D3E72
_errno.LIBCMT ref: 00007FFDC42D3E92
_errno.LIBCMT ref: 00007FFDC42D3E9A

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 9a00122fb39ddb421f6ff1f2246871c327c90ee990032184aa18802c0622bc25
Instruction ID: 51c76027b46a75664e1884c0a2f1d762a4a93ed138b4fa2986e43f62ff0272b4
Opcode Fuzzy Hash: 9a00122fb39ddb421f6ff1f2246871c327c90ee990032184aa18802c0622bc25
Instruction Fuzzy Hash: F521F932B09A4181E6115F28E0A33BEA360AF82B9CF004331EA5E173D1DF7DE452C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425524C Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFDC4255273
_set_statfp.LIBCMT ref: 00007FFDC425528E
_set_statfp.LIBCMT ref: 00007FFDC42552AA
_set_statfp.LIBCMT ref: 00007FFDC42552E6

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 2b4a5b1b828fa0073f5fd6c99ec51f7ceec40db209f1ce87d84b6450763c8d83
Instruction ID: ffa9478c95a209fbc327c21ae24d17b74acc5f6ec1854c32ed4fce9a10c51f01
Opcode Fuzzy Hash: 2b4a5b1b828fa0073f5fd6c99ec51f7ceec40db209f1ce87d84b6450763c8d83
Instruction Fuzzy Hash: B3119126F1CA0211FA6409E8F4E337991416F573BCF584630E96ECA6DECE6EA4C183C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425EB2C Relevance: 7.5, APIs: 5, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FFDC425EB35
_errno.LIBCMT ref: 00007FFDC425EB3D

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 81796627a4d9ca40644b245a230229c29a58230460d9010aafef7f31eb9a59af
Instruction ID: a79fc374b480e22fbc75d2caf2738e63ebf451ddef1d779d78034dd8b4cfe794
Opcode Fuzzy Hash: 81796627a4d9ca40644b245a230229c29a58230460d9010aafef7f31eb9a59af
Instruction Fuzzy Hash: A8018172F1D60685EA152F14C8F337CF6A16FA2B7EF514730D52E063E2CE6E64418AA0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4253EBC Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFDC4253F20
_set_statfp.LIBCMT ref: 00007FFDC4253F88

Strings

", xrefs: 00007FFDC4253FDF
cosh, xrefs: 00007FFDC4253F70

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _set_statfp
String ID: "$cosh
API String ID: 1156100317-3800341493
Opcode ID: 0febaf1d3986b2b03bcf1d658a99ecbfc652edaf0f96b0a15a787d332fefb79e
Instruction ID: 5f9a9e3b14e39cd6e45ccb5a44c8641bd3d2bf6891ee8380b41b7d34f26116ed
Opcode Fuzzy Hash: 0febaf1d3986b2b03bcf1d658a99ecbfc652edaf0f96b0a15a787d332fefb79e
Instruction Fuzzy Hash: 14919221A28F8589D2639F34A4A1376B378AF973DDF109323E58E71A51DF6DE1828740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425B25C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

_fltout2.LIBCMT ref: 00007FFDC425B297
_errno.LIBCMT ref: 00007FFDC425B2A1
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425B2A8

Strings

-, xrefs: 00007FFDC425B2C3

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno_fltout2_invalid_parameter_noinfo
String ID: -
API String ID: 485257318-2547889144
Opcode ID: 2c0a3fa97bc8b679f695b3ed4b2a955b7ee4bbd37cd04f549802152a4c2c742f
Instruction ID: 2d2fc3bf33fdb87cade5ea315d41ae458df84f68bfed5d1b97a5815ef257eebd
Opcode Fuzzy Hash: 2c0a3fa97bc8b679f695b3ed4b2a955b7ee4bbd37cd04f549802152a4c2c742f
Instruction Fuzzy Hash: 1C31282270C68185EA209E21A4923AEFB60AF437DCF144131EE9C47BD5DE2ED405CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425E350 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC425E369
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425E375
_errno.LIBCMT ref: 00007FFDC425E39C

Strings

1, xrefs: 00007FFDC425E3EB

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID: 1
API String ID: 2819658684-2212294583
Opcode ID: 6e1539c9c2745ae4249b3514226ca977865afe062f10ff204ec681d7818bade5
Instruction ID: 8e70a6b6c883aff761b99ac89b490e301683e44ff5d9c9e8858e1d5a617f806b
Opcode Fuzzy Hash: 6e1539c9c2745ae4249b3514226ca977865afe062f10ff204ec681d7818bade5
Instruction Fuzzy Hash: BB21B322B1D2D2A5F7179F2484B637CEA949F0278CF559031D60E463C3DE6FA940C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42EF152 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 22COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32 ref: 00007FFDC42EF195

Strings

misuse, xrefs: 00007FFDC42EF16C
%s at line %d of [%.10s], xrefs: 00007FFDC42EF173
ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc, xrefs: 00007FFDC42EF165

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: CriticalDeleteSection
String ID: %s at line %d of [%.10s]$ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc$misuse
API String ID: 166494926-1714554426
Opcode ID: abb2878965aaabb9159a3c4bd6936ed7f1f95b55823f15ef7919ab698cda2dce
Instruction ID: 478f2d71412bcd5a950e5e45f5c5240d5a16986f047e1112aea7828da105a556
Opcode Fuzzy Hash: abb2878965aaabb9159a3c4bd6936ed7f1f95b55823f15ef7919ab698cda2dce
Instruction Fuzzy Hash: 8DE06565F49A4792FF20AF05E4B21BA93A0AF9775DF440630CD0C0B3A0EE1DE552C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425859C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,000000FF,00007FFDC42585E5,?,?,00000028,00007FFDC425BD95,?,?,00000000,00007FFDC4256E00,?,?,atan2,00007FFDC425BA25), ref: 00007FFDC42585AB
GetProcAddress.KERNEL32(?,?,000000FF,00007FFDC42585E5,?,?,00000028,00007FFDC425BD95,?,?,00000000,00007FFDC4256E00,?,?,atan2,00007FFDC425BA25), ref: 00007FFDC42585C0

Strings

mscoree.dll, xrefs: 00007FFDC42585A4
CorExitProcess, xrefs: 00007FFDC42585B6

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 1646373207-1276376045
Opcode ID: 76225d16d85476b6ce5b7d76dd3dd510080d217bd303a59113b883369caff6d8
Instruction ID: f28fa34fd7eafad63306b47a354a1ddf6f951168ab0b23c42d52c5562638ac36
Opcode Fuzzy Hash: 76225d16d85476b6ce5b7d76dd3dd510080d217bd303a59113b883369caff6d8
Instruction Fuzzy Hash: 20E01220FD661242FE19BF91A8F62742250AF8A7C9B481438D52E063D0EF6CE5688790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425CFB8 Relevance: 6.2, APIs: 4, Instructions: 159COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC425D006
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425D011
DecodePointer.KERNEL32(?,?,?,?,?,00007FFDC425F0D0,?,?,?,?,00007FFDC425CF62), ref: 00007FFDC425D0C0
_lock.LIBCMT ref: 00007FFDC425D0EB

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: DecodePointer_errno_invalid_parameter_noinfo_lock
String ID:
API String ID: 27599310-0
Opcode ID: f29ad4f33d3603765bf2314b4e7b277aa5e865c55ad43bff01dd80ee0a008c14
Instruction ID: 1ed7d9e1180738ee74f8de38e2f5c541d56053944ae7fd84216913fdcd555491
Opcode Fuzzy Hash: f29ad4f33d3603765bf2314b4e7b277aa5e865c55ad43bff01dd80ee0a008c14
Instruction Fuzzy Hash: FF517F31B2D64282FA65AF14A4E633AA661EB8774CF14C435D94E43694DF3EF842C681

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425AFEC Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FFDC4253814: _getptd.LIBCMT ref: 00007FFDC4253826

_errno.LIBCMT ref: 00007FFDC425B02A
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425B034
_errno.LIBCMT ref: 00007FFDC425B058
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDC425B062

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_getptd
String ID:
API String ID: 1297830140-0
Opcode ID: 482c0f890c61ada91b5ffbb9ad912a50f051568c261740e699f5dae3f31eb8d7
Instruction ID: 30e6bee1713c4277cdb12fa7db2cc171f4e9d8fb5a7a3f7454282d0867267174
Opcode Fuzzy Hash: 482c0f890c61ada91b5ffbb9ad912a50f051568c261740e699f5dae3f31eb8d7
Instruction Fuzzy Hash: 2241BD22B1878686E751DF2485E6279BFA0EB46BD8F048131DB5D43B96CF2EE445C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4255308 Relevance: 6.1, APIs: 4, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

_ctrlfp.LIBCMT ref: 00007FFDC4255349

Part of subcall function 00007FFDC425524C: _set_statfp.LIBCMT ref: 00007FFDC4255273
Part of subcall function 00007FFDC425524C: _set_statfp.LIBCMT ref: 00007FFDC42552E6

_raise_exc.LIBCMT ref: 00007FFDC42553B8
_ctrlfp.LIBCMT ref: 00007FFDC42553F8
_ctrlfp.LIBCMT ref: 00007FFDC4255429

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _ctrlfp$_set_statfp$_raise_exc
String ID:
API String ID: 4286142557-0
Opcode ID: 269a13897e46b1984a12ec617c10c80bb020fd7cd124fff6199e0e5df6c2d7d0
Instruction ID: 975088dfcca65574ac10156d6f0b455838151946625da6b7441faa71fd0ed882
Opcode Fuzzy Hash: 269a13897e46b1984a12ec617c10c80bb020fd7cd124fff6199e0e5df6c2d7d0
Instruction Fuzzy Hash: 6A318032A18A858AE711DF65A8522AFA761FB8639CF001235FA4D17A59DF3DD481CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4360 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D43B9
_errno.LIBCMT ref: 00007FFDC42D43C4
_errno.LIBCMT ref: 00007FFDC42D43FA
_errno.LIBCMT ref: 00007FFDC42D4402

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: b60b92dc635cbfd84e14443719a6335b923cbdd75f2fc49f7984a8f2356de1b2
Instruction ID: 1eca490b4edef44844b559763bc1cadc743f1472a2491a103a974a09f6eda3da
Opcode Fuzzy Hash: b60b92dc635cbfd84e14443719a6335b923cbdd75f2fc49f7984a8f2356de1b2
Instruction Fuzzy Hash: 5431E822B09A4281E6515F28E1A337EE390AF82B9CF145331DA5E173D2DF7EE452C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D3F10 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D3F69
_errno.LIBCMT ref: 00007FFDC42D3F74
_errno.LIBCMT ref: 00007FFDC42D3FAA
_errno.LIBCMT ref: 00007FFDC42D3FB2

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: d259540f980b7e6013375459d12bddc0522f21a1dab7281bd3e04af5310a778e
Instruction ID: 9da3e967cdda8fbffcf899880e9ba641854e5e0e9bd57c050d8552952eae647f
Opcode Fuzzy Hash: d259540f980b7e6013375459d12bddc0522f21a1dab7281bd3e04af5310a778e
Instruction Fuzzy Hash: 1131E822B09A4285E6155F28E1A337EA360EF82B9CF004331EA5E173D1DF7EE452C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4480 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D44D9
_errno.LIBCMT ref: 00007FFDC42D44E4
_errno.LIBCMT ref: 00007FFDC42D4512
_errno.LIBCMT ref: 00007FFDC42D451A

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: cec10b7c5966826615da2b6fe603817ff2655b739fbfd55c6f23be07568eef2f
Instruction ID: 4526b058b74be174e30203f0b7eb742050aa7cb6e636387e08e1e81b5d2f1d18
Opcode Fuzzy Hash: cec10b7c5966826615da2b6fe603817ff2655b739fbfd55c6f23be07568eef2f
Instruction Fuzzy Hash: 32210B22B09A4181E6115F28E0A337EA350AF92BDCF049331EA5E173D1DF7EE592C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4140 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D4199
_errno.LIBCMT ref: 00007FFDC42D41A4
_errno.LIBCMT ref: 00007FFDC42D41D2
_errno.LIBCMT ref: 00007FFDC42D41DA

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: d2f6451909ec2827173ec5027d2db5eb3de9ebf450bef0b3a7995de1c7579ca0
Instruction ID: b8e9d25cb8fa6adccea0c64116fe351a3428530c0bef3dcb3f8b4c33ae734098
Opcode Fuzzy Hash: d2f6451909ec2827173ec5027d2db5eb3de9ebf450bef0b3a7995de1c7579ca0
Instruction Fuzzy Hash: A8212962B09A4181E6115F24E0A33BEA350AF92B9CF004331DA6D173D1CF3EE452C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4250 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D42A9
_errno.LIBCMT ref: 00007FFDC42D42B4
_errno.LIBCMT ref: 00007FFDC42D42E2
_errno.LIBCMT ref: 00007FFDC42D42EA

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 118c64b8089996eb4064367a7bba92e29c6c2d91b75a2094720e83f2c113c354
Instruction ID: fa5ed41b0bcac3ced166c6c04c4d6de7088c7e53032c844ce449ab6fd4db053d
Opcode Fuzzy Hash: 118c64b8089996eb4064367a7bba92e29c6c2d91b75a2094720e83f2c113c354
Instruction Fuzzy Hash: 5C212722B09A4281F6115F28E0A33BEA350AF82B9CF104332EA5D073D1CF3EE452C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4D40 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D4D99
_errno.LIBCMT ref: 00007FFDC42D4DA4
_errno.LIBCMT ref: 00007FFDC42D4DD2
_errno.LIBCMT ref: 00007FFDC42D4DDA

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 65b1904b35e70ee2527b84e9f3d60f7112bc3909b5c664c844fd5caaba095690
Instruction ID: 17f442f0d2c9f15e5109249ad0a6f3e68a879a7fddd97cebab21c4d5c15a90d7
Opcode Fuzzy Hash: 65b1904b35e70ee2527b84e9f3d60f7112bc3909b5c664c844fd5caaba095690
Instruction Fuzzy Hash: A721F762B09A4281E7115F28E1A337EA350AF82B9CF044331EA5E573D5DF7EE552C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4E50 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D4EA9
_errno.LIBCMT ref: 00007FFDC42D4EB4
_errno.LIBCMT ref: 00007FFDC42D4EE2
_errno.LIBCMT ref: 00007FFDC42D4EEA

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 7f658f70883f2395418b13b15add5095b3429737ebed84ca76384725e80122a0
Instruction ID: f22f2f57031affe095378e6f52fd541ef97e4ff3694746b68e3694e9d9ab0306
Opcode Fuzzy Hash: 7f658f70883f2395418b13b15add5095b3429737ebed84ca76384725e80122a0
Instruction Fuzzy Hash: 5A21F722B09A4281E7115F28E1A33BEA350AF82B9CF145336EA5D173D1DF7EE452C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4B20 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D4B79
_errno.LIBCMT ref: 00007FFDC42D4B84
_errno.LIBCMT ref: 00007FFDC42D4BB2
_errno.LIBCMT ref: 00007FFDC42D4BBA

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 56f0af283c95377380a4743862c3579445a8564f31593eb4949266f9c01893c0
Instruction ID: 90879bc08aa76f3f854fd64a5d7ad92281418c8792fb983bcebb760f889b92bf
Opcode Fuzzy Hash: 56f0af283c95377380a4743862c3579445a8564f31593eb4949266f9c01893c0
Instruction Fuzzy Hash: 3F21F722F09A4281E6115F28E4A337EA350AF92B9CF045331EA5D173D1DF7EE552C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42D4C30 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDC42D4C89
_errno.LIBCMT ref: 00007FFDC42D4C94
_errno.LIBCMT ref: 00007FFDC42D4CC2
_errno.LIBCMT ref: 00007FFDC42D4CCA

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: cff1824a2f9f47ee7021ddc87d749fd5b153054f6df8ec32b9bdd4877abf75a6
Instruction ID: 87da4202d26ef7795cd4ec897e3b217ef18a8f01f01983b5ad21fe7cd1a3a84e
Opcode Fuzzy Hash: cff1824a2f9f47ee7021ddc87d749fd5b153054f6df8ec32b9bdd4877abf75a6
Instruction Fuzzy Hash: 7D210B22B09A4181E6115F28E1B337EA350AF82B9CF049331DA5E173D1DF7EE452C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC42EF1B5 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 70COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 00007FFDC42EF247

Strings

misuse, xrefs: 00007FFDC42EF28F
%s at line %d of [%.10s], xrefs: 00007FFDC42EF296
ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc, xrefs: 00007FFDC42EF288

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: CriticalInitializeSection
String ID: %s at line %d of [%.10s]$ac7f8f09329b714a8fb3d4ece9ea5e6a16ea7f8803a35feac38fae83607fdadc$misuse
API String ID: 32694325-1714554426
Opcode ID: 02bb59c57bebed429d35c6ec35bc350f712122b4fe0eaf70e4adaeda404f1098
Instruction ID: 881d4049c64d237e208f4718bba28b83a34a11f92717fd7a204c3ee63d1d5c83
Opcode Fuzzy Hash: 02bb59c57bebed429d35c6ec35bc350f712122b4fe0eaf70e4adaeda404f1098
Instruction Fuzzy Hash: 3E218135B5AA0281EF649F14F8A12BAA3A0FF8A74DF590535CA0D073A5EF3DE5418380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425EE4C Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

_lock.LIBCMT ref: 00007FFDC425EE60

Part of subcall function 00007FFDC425BAAC: _amsg_exit.LIBCMT ref: 00007FFDC425BAD6

fclose.LIBCMT ref: 00007FFDC425EE90
DeleteCriticalSection.KERNEL32(?,?,?,?,?,00007FFDC425CACF), ref: 00007FFDC425EEB4
free.LIBCMT ref: 00007FFDC425EEC5

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: CriticalDeleteSection_amsg_exit_lockfclosefree
String ID:
API String ID: 594724896-0
Opcode ID: 651a6fea7efe7c3b844d753283985a638a0f676f2a91bb86dea460dc24e23dc8
Instruction ID: 3a9285a248040217cb90bbb78344ab830a945c953a002b02cacd07dd887cc3c2
Opcode Fuzzy Hash: 651a6fea7efe7c3b844d753283985a638a0f676f2a91bb86dea460dc24e23dc8
Instruction Fuzzy Hash: A6118E21B1C60282E6109F55E4E637DB761FBC2B5CF154635DA5E432A5CF2EE402C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4257008 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

FlsFree.KERNEL32(?,?,?,?,00007FFDC4254DCE), ref: 00007FFDC4257017
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDC4254DCE), ref: 00007FFDC425B957
free.LIBCMT ref: 00007FFDC425B960
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDC4254DCE), ref: 00007FFDC425B987

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: CriticalDeleteSection$Freefree
String ID:
API String ID: 1250194111-0
Opcode ID: bf44e3ba93536ed58af35f41ae6da20e2037f185da3797a2c7806770417fd5fc
Instruction ID: d573cc59547d66c2260c81e7c63fff128f324c13416e2b1f1aeca8843cb73fe7
Opcode Fuzzy Hash: bf44e3ba93536ed58af35f41ae6da20e2037f185da3797a2c7806770417fd5fc
Instruction Fuzzy Hash: F1116331F89682C6EB54AF51E4F2379BBA0EF86B6CF580531D65D062A6CF3CD4508B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4258BBC Relevance: 6.0, APIs: 4, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.LIBCMT ref: 00007FFDC4258BC6

Part of subcall function 00007FFDC425716C: _amsg_exit.LIBCMT ref: 00007FFDC4257182

_lock.LIBCMT ref: 00007FFDC4258BF4
free.LIBCMT ref: 00007FFDC4258C2A
_amsg_exit.LIBCMT ref: 00007FFDC4258C63

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _amsg_exit$_getptd_lockfree
String ID:
API String ID: 2148533958-0
Opcode ID: df5704e460aaca5b571b876fad3512d53b735e0b4d913dfae92aa970edb46c5b
Instruction ID: 39959375a1aee9143c4c5d9b16dfbfe768f54bf5dbd2703c5245a41cfb9b912a
Opcode Fuzzy Hash: df5704e460aaca5b571b876fad3512d53b735e0b4d913dfae92aa970edb46c5b
Instruction Fuzzy Hash: 25115132B1A64586EA98AF01D4E2779B3B0FF86B4CF484035DA4E03395DF6DE864C781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4252C98 Relevance: 6.0, APIs: 4, Instructions: 32threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFDC4252CCD
ExitThread.KERNEL32 ref: 00007FFDC4252CD5
GetCurrentThreadId.KERNEL32 ref: 00007FFDC4252CDC
_freefls.LIBCMT ref: 00007FFDC4252D0D

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: Thread$CurrentErrorExitLast_freefls
String ID:
API String ID: 217443660-0
Opcode ID: 8e04a49e0cd59887d0dcef82bdf956a28b2bf3440b036cb0f5f64380e7f874ba
Instruction ID: c8276df2b2d59151b17021fa1005b75fa19031f9ea89ed137766f931f8426be5
Opcode Fuzzy Hash: 8e04a49e0cd59887d0dcef82bdf956a28b2bf3440b036cb0f5f64380e7f874ba
Instruction Fuzzy Hash: EE018125F4974244EB147FB194EB2BCA2A0AF4AB8CF140030D95D473C3EE2EA44043A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425948C Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.LIBCMT ref: 00007FFDC4259492

Part of subcall function 00007FFDC425716C: _amsg_exit.LIBCMT ref: 00007FFDC4257182

_getptd.LIBCMT ref: 00007FFDC42594B2
_lock.LIBCMT ref: 00007FFDC42594C5
_amsg_exit.LIBCMT ref: 00007FFDC42594F3

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _amsg_exit_getptd$_lock
String ID:
API String ID: 3670291111-0
Opcode ID: 446ca0fa7e594002ce71484d075814f1c688a1b26586f914adee67df38d40b58
Instruction ID: caad0bc94337f2f1bfcca91665e5b619e7f518468fc48033e31452a5e2ee6e29
Opcode Fuzzy Hash: 446ca0fa7e594002ce71484d075814f1c688a1b26586f914adee67df38d40b58
Instruction Fuzzy Hash: 28F0F921F4A50286FA54AF6188E37F9A660EF87B0CF494134DA0D0B3D2DF1DA841D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4252F3C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 187COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFDC4252F95

Strings

", xrefs: 00007FFDC4253049
sinh, xrefs: 00007FFDC4252FF0, 00007FFDC4253051

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _set_statfp
String ID: "$sinh
API String ID: 1156100317-1232919748
Opcode ID: 2c15fbf87f26d343d7241625fb4e353c303ece5af2422dba0948a3fd83d6fea6
Instruction ID: 9afc19f2fad284359ddc6e2bc044d8437789c7e2411833f291a7c0e3f3ddccc7
Opcode Fuzzy Hash: 2c15fbf87f26d343d7241625fb4e353c303ece5af2422dba0948a3fd83d6fea6
Instruction Fuzzy Hash: 6D91A221A28F8589D2639F34A4A1376B368AF973DDF109337E58E32A55DF2DE0478740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC425351C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 154COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFDC4253588

Strings

!, xrefs: 00007FFDC4253609
tan, xrefs: 00007FFDC4253602

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _set_statfp
String ID: !$tan
API String ID: 1156100317-2428968949
Opcode ID: 4cb00f50fec1183b9336798fa4da7c9d6dff690b3b9cfedf89f0ee146d1898f1
Instruction ID: 23a3a43f893cc41dcd0fa7189a7f561165f9f1030a022ee235613596c99f69f3
Opcode Fuzzy Hash: 4cb00f50fec1183b9336798fa4da7c9d6dff690b3b9cfedf89f0ee146d1898f1
Instruction Fuzzy Hash: CE610D11F2CBC944E6639F7190B137AD254AF973DCF10A332E81E25BA0EF5EA0874680

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4254274 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFDC4254366

Part of subcall function 00007FFDC4255308: _ctrlfp.LIBCMT ref: 00007FFDC4255349
Part of subcall function 00007FFDC4255308: _raise_exc.LIBCMT ref: 00007FFDC42553B8
Part of subcall function 00007FFDC4255308: _ctrlfp.LIBCMT ref: 00007FFDC42553F8

Strings

acos, xrefs: 00007FFDC425430F
!, xrefs: 00007FFDC4254395

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _ctrlfp$_raise_exc_set_statfp
String ID: !$acos
API String ID: 783765284-2870037509
Opcode ID: ad63c3819c973b859abfb373f3b9aea13f0b1604fd72aa90fc318b8fdefc6dd4
Instruction ID: a7f8da33fdc1bf380a0f60ad5674a69595a6c3798a12dcc823a3381f0416e7c0
Opcode Fuzzy Hash: ad63c3819c973b859abfb373f3b9aea13f0b1604fd72aa90fc318b8fdefc6dd4
Instruction Fuzzy Hash: AF71C721E28F4189D613DF3498B1336D268AFA73DCF118336E95E35960DF2DE1439A80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4254A14 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 141COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFDC4254AFD

Part of subcall function 00007FFDC4255308: _ctrlfp.LIBCMT ref: 00007FFDC4255349
Part of subcall function 00007FFDC4255308: _raise_exc.LIBCMT ref: 00007FFDC42553B8
Part of subcall function 00007FFDC4255308: _ctrlfp.LIBCMT ref: 00007FFDC42553F8

Strings

asin, xrefs: 00007FFDC4254AAF
!, xrefs: 00007FFDC4254B2C

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _ctrlfp$_raise_exc_set_statfp
String ID: !$asin
API String ID: 783765284-2188059690
Opcode ID: ea87e1e9918d9aac6edbd09ff176ab2856c651d892e3e9e99dbcf3ccadc8be2f
Instruction ID: aaabb83617fd42045d85eea9112f335f4eadcbc32d5e98880817d7966952979d
Opcode Fuzzy Hash: ea87e1e9918d9aac6edbd09ff176ab2856c651d892e3e9e99dbcf3ccadc8be2f
Instruction Fuzzy Hash: F661C821E28F8189E6539F3594B2336E378BFD73D8F108336E94A355A5DF1DA1429680

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDC4254570 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFDC4254641

Strings

!, xrefs: 00007FFDC4254606
atan, xrefs: 00007FFDC42545F8

Memory Dump Source

Source File: 0000001C.00000002.3043623019.00007FFDC4251000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDC4250000, based on PE: true

Associated: 0000001C.00000002.3043583858.00007FFDC4250000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3047427673.00007FFDC43AE000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048051394.00007FFDC43E6000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048148222.00007FFDC43EC000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048184761.00007FFDC43ED000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048237205.00007FFDC43F1000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048459117.00007FFDC4404000.00000010.00000001.01000000.00000011.sdmpDownload File
Associated: 0000001C.00000002.3048509161.00007FFDC4406000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffdc4250000_RegAsm.jbxd

Similarity

API ID: _set_statfp
String ID: !$atan
API String ID: 1156100317-1342027943
Opcode ID: 2f6257b1ac34ff5876b384eeb5606a37d678eaa65482a72c31b2f063b06e2fd9
Instruction ID: cd62137de45f4d0c4789eba1b45dbdba5c2fee949e91edded48d03ebf35d0929
Opcode Fuzzy Hash: 2f6257b1ac34ff5876b384eeb5606a37d678eaa65482a72c31b2f063b06e2fd9
Instruction Fuzzy Hash: 8F518421E6DF5288E5A7AF34A8B13369778AF933DDF009332D85E61961DF2DA1434680

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\RegAsm.exe

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\Si.pif

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\5870\s

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Blocks

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Estonia

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Evening

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Facility

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Gui

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Mauritius

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Mi

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\President

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Reduce

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Routing

C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Span

Windows Analysis Report
https://dl.dropboxusercontent.com/scl/fi/ch36zjncov5kkumu5acij/ESCAIXA_JUSTIFICANTEPAG0.exe.gz?rlkey=qsx38lshrxds1w4cb64txm81b&dl=0

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre