Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1435613
MD5:	1a6b4d357d1b8bab80524e40be1b2698
SHA1:	70961ace92a0ebfdb38ae27a22181fb5a4f7d440
SHA256:	09ad84f8dde519aa02e92ffce896f55271105ceaab7e0f0a1f1ca9fee90650ff
Tags:	exe
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected Vidar stealer

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking computer name)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Searches for specific processes (likely to inject)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 6608 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 1A6B4D357D1B8BAB80524E40BE1B2698)

conhost.exe (PID: 6568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 416 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199680449169"], "Botnet": "03cea2609023d13f145ac6c5dc897112", "Version": "9.3"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x201f8:$s1: JohnDoe 0x2ef80:$s1: JohnDoe 0x201f0:$s2: HAL9TH
00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6608	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 416	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 416	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 416	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.e1f040.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.file.exe.e1f040.1.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x1e7f8:$s1: JohnDoe 0x1e7f0:$s2: HAL9TH
0.2.file.exe.e1f040.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.file.exe.e1f040.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x1f3f8:$s1: JohnDoe 0x1f3f0:$s2: HAL9TH
2.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
2.2.RegAsm.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x201f8:$s1: JohnDoe 0x2ef80:$s1: JohnDoe 0x201f0:$s2: HAL9TH
2.2.RegAsm.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
2.2.RegAsm.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x1f3f8:$s1: JohnDoe 0x1f3f0:$s2: HAL9TH
0.2.file.exe.df0000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.file.exe.df0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x4ba38:$s1: JohnDoe 0x4ba30:$s2: HAL9TH
Click to see the 5 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199680449169"], "Botnet": "03cea2609023d13f145ac6c5dc897112", "Version": "9.3"}

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 39%

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00406252 CryptUnprotectData,LocalAlloc,LocalFree,	2_2_00406252
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004061EF CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	2_2_004061EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040825F memset,lstrlen,CryptStringToBinaryA,memcpy,lstrcat,lstrcat,	2_2_0040825F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00402420 memset,CryptStringToBinaryA,CryptStringToBinaryA,CryptStringToBinaryA,	2_2_00402420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040F82E CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	2_2_0040F82E

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.105.90.131:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E08F67 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00E08F67
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040BDAF _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_0040BDAF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004011D9 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,	2_2_004011D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004093C1 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	2_2_004093C1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004145BC _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	2_2_004145BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004097DC _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	2_2_004097DC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00414960 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	2_2_00414960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00414CC7 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	2_2_00414CC7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00409E01 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	2_2_00409E01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00413F80 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,	2_2_00413F80

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0041433D _EH_prolog,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,

2_2_0041433D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199680449169

Source: global traffic

TCP traffic: 192.168.2.4:49731 -> 95.217.245.42:9000

Source: global traffic

HTTP traffic detected: GET /profiles/76561199680449169 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 95.217.245.42 95.217.245.42
Source: Joe Sandbox View	IP Address: 104.105.90.131 104.105.90.131

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.245.42

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00404165 _EH_prolog,GetProcessHeap,RtlAllocateHeap,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

2_2_00404165

Source: global traffic

HTTP traffic detected: GET /profiles/76561199680449169 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache

Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.co equals www.youtube.com (Youtube)

Source: global traffic

DNS traffic detected: DNS query: steamcommunity.com

Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42/
Source: 76561199680449169[1].htm.2.dr	String found in binary or memory: https://95.217.245.42:9000
Source: RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/0ea2osoft
Source: RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/B
Source: RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/J
Source: RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/Z
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/freebl3.dll
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/freebl3.dllEdge
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/mozglue.dll
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/mozglue.dllEdge
Source: RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/mozglue.dllt
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/msvcp140.dll
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/msvcp140.dlldge
Source: RegAsm.exe, 00000002.00000002.2862938128.000000000156D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/nss3.dll
Source: RegAsm.exe, 00000002.00000002.2862938128.000000000156D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/nss3.dll)))
Source: RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/nss3.dllD
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/nss3.dllft
Source: RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/r
Source: RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/softokn3.dll
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/softokn3.dlldge
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862938128.000000000156D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/sqlx.dll
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/vcruntime140.dll
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/vcruntime140.dll_7)
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/vcruntime140.dllser
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/vcruntime140.dllw=
Source: RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000/z
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:900090ea2le
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000acrosoft
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000el
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000ing
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000l
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.217.245.42:9000vcruntime140.dllUser
Source: BKKFHIEG.2.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: 76561199680449169[1].htm.2.dr	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: BKKFHIEG.2.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: BKKFHIEG.2.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: BKKFHIEG.2.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=tIrWyaxi8ABA&a
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=roSu8uqw
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=_Vry
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=KyfgrihL0xta&l=e
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: BKKFHIEG.2.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BKKFHIEG.2.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BKKFHIEG.2.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://help.steampowered.com/en/
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.co
Source: 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/X
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/discussions/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199680449169
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/market/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, file.exe, 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680449169
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199680449169/badges
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199680449169/inventory/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://steamcommunity.com/workshop/
Source: 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/
Source: 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/about/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/explore/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/legal/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/mobile
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/news/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/stats/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp, CGDGCFBA.2.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: CGDGCFBA.2.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp, CGDGCFBA.2.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: CGDGCFBA.2.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
Source: file.exe, file.exe, 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/r1g1o
Source: BKKFHIEG.2.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: BKKFHIEG.2.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=T
Source: RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.105.90.131:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040FD7F _EH_prolog,memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

2_2_0040FD7F

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.file.exe.e1f040.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 0.2.file.exe.e1f040.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 0.2.file.exe.df0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E3B0B0	0_2_00E3B0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E394EB	0_2_00E394EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E03663	0_2_00E03663
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E38A49	0_2_00E38A49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E39BC7	0_2_00E39BC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E0CD80	0_2_00E0CD80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFEEF0	0_2_00DFEEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFBE7D	0_2_00DFBE7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E38F9A	0_2_00E38F9A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E03F4F	0_2_00E03F4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041A609	2_2_0041A609
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041B787	2_2_0041B787
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AB5A	2_2_0041AB5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041CC70	2_2_0041CC70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0A4CF0	2_2_1C0A4CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09292D	2_2_1C09292D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1F9CC0	2_2_1C1F9CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C092AA9	2_2_1C092AA9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0912A8	2_2_1C0912A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C091C9E	2_2_1C091C9E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C145940	2_2_1C145940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C092018	2_2_1C092018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1B9A20	2_2_1C1B9A20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1F9430	2_2_1C1F9430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C139690	2_2_1C139690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C14D6D0	2_2_1C14D6D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0A9000	2_2_1C0A9000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1B5040	2_2_1C1B5040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C26D209	2_2_1C26D209
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1253B0	2_2_1C1253B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C093580	2_2_1C093580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0B8D2A	2_2_1C0B8D2A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C091EF1	2_2_1C091EF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C194A60	2_2_1C194A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1D0480	2_2_1C1D0480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0B8680	2_2_1C0B8680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0B8763	2_2_1C0B8763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0F4760	2_2_1C0F4760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C128760	2_2_1C128760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1B8030	2_2_1C1B8030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C110090	2_2_1C110090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C118120	2_2_1C118120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C093AB2	2_2_1C093AB2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09290A	2_2_1C09290A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09251D	2_2_1C09251D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0BBAB0	2_2_1C0BBAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09F160	2_2_1C09F160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09174E	2_2_1C09174E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0C3370	2_2_1C0C3370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0919DD	2_2_1C0919DD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0D6E80	2_2_1C0D6E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C26AEBE	2_2_1C26AEBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0F2EE0	2_2_1C0F2EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1CE800	2_2_1C1CE800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C093E3B	2_2_1C093E3B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09481D	2_2_1C09481D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1AA900	2_2_1C1AA900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C18A940	2_2_1C18A940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1769C0	2_2_1C1769C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09AA40	2_2_1C09AA40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09EA80	2_2_1C09EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0947AF	2_2_1C0947AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0BA560	2_2_1C0BA560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C18A590	2_2_1C18A590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0A66C0	2_2_1C0A66C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C11A0B0	2_2_1C11A0B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C09209F	2_2_1C09209F

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00DF6C10 appears 49 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00E34F32 appears 98 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00416AF2 appears 98 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1C091F5A appears 31 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1C093AF3 appears 37 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1C09395E appears 78 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1C091C2B appears 47 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1C09415B appears 133 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0040249B appears 311 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1C2706B1 appears 36 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.file.exe.e1f040.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 0.2.file.exe.e1f040.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 0.2.file.exe.df0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks

Source: file.exe

Static PE information: Section: .Left ZLIB complexity 0.9971438717532467

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@4/10@1/2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040EDA7 _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

2_2_0040EDA7

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040F1A8 CoCreateInstance,SysAllocString,SysFreeString,_wtoi64,SysFreeString,SysFreeString,

2_2_0040F1A8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680449169[1].htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6568:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

ReversingLabs: Detection: 39%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0041608F GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

2_2_0041608F

Source: file.exe	Static PE information: section name: .Left
Source: sqlx[1].dll.2.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E360F5 push ecx; ret	0_2_00E36108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1EBE5 push cs; ret	0_2_00E1EBE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1EBAF push cs; ret	0_2_00E1EBB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1EC2B push cs; ret	0_2_00E1EC2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF5F0D push ecx; ret	0_2_00DF5F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00417CB5 push ecx; ret	2_2_00417CC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C091BF9 push ecx; ret	2_2_1C234C03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0910C8 push ecx; ret	2_2_1C293552

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

2_2_0041608F

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 416, type: MEMORYSTR

Found evasive API chain (may stop execution after checking computer name)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetComputerName,DecisionNodes,Sleep

graph_2-79511

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: file.exe, RegAsm.exe	Binary or memory string: DIR_WATCH.DLL
Source: file.exe, RegAsm.exe	Binary or memory string: SBIEDLL.DLL
Source: file.exe, RegAsm.exe	Binary or memory string: API_LOG.DLL
Source: RegAsm.exe, 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: AHAL9THJOHNDOEAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 9.4 %

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040E76B GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 0040E87Eh

2_2_0040E76B

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E08F67 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00E08F67
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040BDAF _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_0040BDAF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004011D9 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,	2_2_004011D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004093C1 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	2_2_004093C1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004145BC _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	2_2_004145BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004097DC _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	2_2_004097DC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00414960 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	2_2_00414960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00414CC7 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	2_2_00414CC7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00409E01 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	2_2_00409E01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00413F80 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,	2_2_00413F80

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0041433D _EH_prolog,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,

2_2_0041433D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040E907 GetSystemInfo,wsprintfA,

2_2_0040E907

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: RegAsm.exe, 00000002.00000002.2862621914.00000000012D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001393000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001310000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node			graph_2-80430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node			graph_2-79220

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00DFA723 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00DFA723

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

2_2_0041608F

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E0A031 mov eax, dword ptr fs:[00000030h]	0_2_00E0A031
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E001B7 mov ecx, dword ptr fs:[00000030h]	0_2_00E001B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E34113 mov eax, dword ptr fs:[00000030h]	0_2_00E34113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00415CD3 mov eax, dword ptr fs:[00000030h]	2_2_00415CD3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00E0C630 GetProcessHeap,

0_2_00E0C630

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF66E5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00DF66E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFA723 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00DFA723
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF69EF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00DF69EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF6B4B SetUnhandledExceptionFilter,	0_2_00DF6B4B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00419387 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00419387
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00417E5F memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00417E5F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041CF18 SetUnhandledExceptionFilter,	2_2_0041CF18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C092C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_1C092C8E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0942AF SetUnhandledExceptionFilter,	2_2_1C0942AF

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Jump to behavior

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040FC40 _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

2_2_0040FC40

Writes to foreign memory regions

Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 420000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42B000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63E000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E0B008	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00DF64CC cpuid

0_2_00DF64CC

Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_00E0C0D0
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00E05032
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00E0C1F9
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_00E0C2FF
Source: C:\Users\user\Desktop\file.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00E0C3CE
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_00E05558
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00E0BDF2
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00E0BD57
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00E0BD0C
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00E0BE7D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: _EH_prolog,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	2_2_0040E76B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_1C092112
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_1C092112
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_1C26FF17
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_1C093AA3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_1C283300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_1C282CB6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_1C282D38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_1C282DF9

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00DF68E2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00DF68E2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040E651 GetProcessHeap,HeapAlloc,GetUserNameA,

2_2_0040E651

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040E718 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

2_2_0040E718

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: RegAsm.exe, 00000002.00000002.2862662158.0000000001310000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.file.exe.e1f040.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.e1f040.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 416, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 416, type: MEMORYSTR

Remote Access Functionality

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.file.exe.e1f040.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.e1f040.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 416, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0A5C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	2_2_1C0A5C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C10DFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset,	2_2_1C10DFC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C111FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1C111FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C135910 sqlite3_mprintf,sqlite3_bind_int64,	2_2_1C135910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1BD9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_1C1BD9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C10DB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	2_2_1C10DB10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1B14D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_1C1B14D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1BD4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_1C1BD4F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1355B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1C1355B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C16D610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1C16D610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C129090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf,	2_2_1C129090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1351D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1C1351D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C14D3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1C14D3B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C174D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,InitOnceBeginInitialize,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	2_2_1C174D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0C0FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	2_2_1C0C0FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0A4820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize,	2_2_1C0A4820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0E8550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,	2_2_1C0E8550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0B8680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64,	2_2_1C0B8680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0E06E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	2_2_1C0E06E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C108200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,	2_2_1C108200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0BB400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64,	2_2_1C0BB400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C153770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1C153770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C1737E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1C1737E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0EEF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,	2_2_1C0EEF30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0A66C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	2_2_1C0A66C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C10A6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,	2_2_1C10A6F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0FE090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	2_2_1C0FE090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C10E170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1C10E170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_1C0FE200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	2_2_1C0FE200

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	411 Process Injection	1 Masquerading	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	411 Process Injection	LSASS Memory	141 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	12 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	1 Account Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	3 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	154 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
file.exe	39%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	HEUR/AGEN.1317595
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://recaptcha.net	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/r	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/mozglue.dll	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/z	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/msvcp140.dlldge	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/nss3.dll)))	0%	Avira URL Cloud	safe
https://95.217.245.42:9000	0%	Avira URL Cloud	safe
https://95.217.245.42:9000l	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/nss3.dllD	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/nss3.dllft	0%	Avira URL Cloud	safe
https://95.217.245.42:900090ea2le	0%	Avira URL Cloud	safe
https://95.217.245.42/	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/softokn3.dll	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/mozglue.dllt	0%	Avira URL Cloud	safe
https://95.217.245.42:9000vcruntime140.dllUser	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/mozglue.dllEdge	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/softokn3.dlldge	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/0ea2osoft	0%	Avira URL Cloud	safe
https://95.217.245.42:9000acrosoft	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/vcruntime140.dllser	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/nss3.dll	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/freebl3.dllEdge	0%	Avira URL Cloud	safe
https://95.217.245.42:9000el	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/vcruntime140.dllw=	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/msvcp140.dll	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/J	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/vcruntime140.dll_7)	0%	Avira URL Cloud	safe
https://95.217.245.42:9000/B	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
steamcommunity.com	104.105.90.131	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/profiles/76561199680449169	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	BKKFHIEG.2.dr	false		high
https://duckduckgo.com/ac/?q=	BKKFHIEG.2.dr	false		high
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=_Vry	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://steamcommunity.com/?subsection=broadcasts	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000/mozglue.dll	RegAsm.exe, 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:9000/r	RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/subscriber_agreement/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://www.gstatic.cn/recaptcha/	RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000/z	RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:9000/msvcp140.dlldge	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:9000	76561199680449169[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
http://www.valvesoftware.com/legal.htm	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000l	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://95.217.245.42:9000/nss3.dllD	RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:9000/nss3.dll)))	RegAsm.exe, 00000002.00000002.2862938128.000000000156D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000/Z	RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://95.217.245.42:9000/nss3.dllft	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42/	RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:900090ea2le	RegAsm.exe, 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
http://store.steampowered.com/privacy_agreement/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000/softokn3.dll	RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/points/shop/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	BKKFHIEG.2.dr	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp, CGDGCFBA.2.dr	false		high
https://steamcommunity.com/profiles/76561199680449169/badges	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://www.ecosia.org/newtab/	BKKFHIEG.2.dr	false		high
https://www.youtube.com/	RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	false		high
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	76561199680449169[1].htm.2.dr	false		high
https://store.steampowered.com/privacy_agreement/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://steamcommunity.com/X	RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	false		high
https://95.217.245.42:9000vcruntime140.dllUser	RegAsm.exe, 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:9000/mozglue.dllt	RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://www.google.com/recaptcha/	RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	false		high
https://95.217.245.42:9000/mozglue.dllEdge	RegAsm.exe, 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000/softokn3.dlldge	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	CGDGCFBA.2.dr	false		high
https://www.valvesoftware.com/en/contact?contact-person=T	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000/0ea2osoft	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/about/	76561199680449169[1].htm.2.dr	false		high
https://steamcommunity.com/my/wishlist/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000acrosoft	RegAsm.exe, 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://95.217.245.42:9000/vcruntime140.dllser	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://help.steampowered.com/en/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/	RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/market/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://store.steampowered.com/news/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/	RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=roSu8uqw	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000/nss3.dll	RegAsm.exe, 00000002.00000002.2862938128.000000000156D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:9000/freebl3.dllEdge	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:9000el	RegAsm.exe, 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	BKKFHIEG.2.dr	false		high
http://store.steampowered.com/subscriber_agreement/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199680449169	76561199680449169[1].htm.2.dr	false		high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp, CGDGCFBA.2.dr	false		high
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://95.217.245.42:9000/vcruntime140.dllw=	RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/discussions/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://t.me/r1g1o	file.exe, file.exe, 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
https://store.steampowered.com/stats/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://store.steampowered.com/steam_refunds/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	CGDGCFBA.2.dr	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	BKKFHIEG.2.dr	false		high
https://95.217.245.42:9000/msvcp140.dll	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.245.42:9000/vcruntime140.dll_7)	RegAsm.exe, 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/workshop/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://store.steampowered.com/legal/	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
http://www.sqlite.org/copyright.html.	RegAsm.exe, 00000002.00000002.2863327466.000000001632F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.2.dr	false		high
https://95.217.245.42:9000/B	RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=tIrWyaxi8ABA&a	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	RegAsm.exe, 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2862775596.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.2.dr	false		high
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	76561199680449169[1].htm.2.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	BKKFHIEG.2.dr	false		high
https://95.217.245.42:9000/J	RegAsm.exe, 00000002.00000002.2862953478.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://recaptcha.net	RegAsm.exe, 00000002.00000002.2862662158.0000000001374000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
95.217.245.42	unknown	Germany		24940	HETZNER-ASDE	false
104.105.90.131	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1435613
Start date and time:	2024-05-02 23:45:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@4/10@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 92% Number of executed functions: 69 Number of non-executed functions: 241
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 72.21.81.240
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
23:45:56	API Interceptor	1x Sleep call for process: RegAsm.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
95.217.245.42	file.exe	Get hash	malicious	Vidar	Browse
	tZvjMg3Hw9.exe	Get hash	malicious	PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	WlCIinu0yp.exe	Get hash	malicious	LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
104.105.90.131	tZvjMg3Hw9.exe	Get hash	malicious	PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	ss.exe	Get hash	malicious	CryptOne	Browse
	ss.exe	Get hash	malicious	CryptOne	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	6uVlPQSJ4e.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse
	Rechnung.pdf.lnk	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	Vidar	Browse	184.87.56.26
	tZvjMg3Hw9.exe	Get hash	malicious	PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse	104.105.90.131
	file.exe	Get hash	malicious	Vidar	Browse	104.105.90.131
	WlCIinu0yp.exe	Get hash	malicious	LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT	Browse	104.104.85.160
	file.exe	Get hash	malicious	Vidar	Browse	23.210.138.105
	0dN59ZIkEM.exe	Get hash	malicious	Vidar	Browse	23.7.115.52
	file.exe	Get hash	malicious	Vidar	Browse	23.210.138.105
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse	23.210.138.105
	file.exe	Get hash	malicious	Vidar	Browse	23.210.138.105
	file.exe	Get hash	malicious	Vidar	Browse	104.105.90.131

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HETZNER-ASDE	c8sDO7umrx.exe	Get hash	malicious	CMSBrute	Browse	49.13.210.40
	http://event.strategiedirect.com	Get hash	malicious	Unknown	Browse	167.233.13.125
	Jkxkt.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	Jkxkt.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	U8uFcjIjAR.exe	Get hash	malicious	LummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine	Browse	116.202.23.44
	yZcecBUXN7.exe	Get hash	malicious	FormBook	Browse	148.251.36.121
	List of items.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	135.181.215.231
	EMPLOYEE-FINAL-SETTLEMENTS.doc	Get hash	malicious	FormBook	Browse	148.251.36.121
	file.exe	Get hash	malicious	Vidar	Browse	95.217.245.42
	SecuriteInfo.com.Win64.PWSX-gen.20556.23749.exe	Get hash	malicious	FormBook	Browse	116.203.164.244
AKAMAI-ASUS	https://mandrillapp.com/track/click/30551860/topbusiness.ro?p=eyJzIjoiWmkwVnFVYXdRYlFmYnVnd3Y3OWdtR2h1anpvIiwidiI6MSwicCI6IntcInVcIjozMDU1MTg2MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL3RvcGJ1c2luZXNzLnJvXFxcL3dwLWFkbWluXFxcL2pzXFxcL3dpZGdldHNcXFwvbWVkaWFcXFwvP2FjdGlvbj12aWV3JjE0MD1jMk52ZEhRdVpHRm9ibXRsUUd4allYUjBaWEowYjI0dVkyOXQmcjE9MTQwJnIyPTE0MCZub2lzZT00Q0hBUlwiLFwiaWRcIjpcImVjMTY1MjE1OWRhYTRjZTA5ZGZhODE5NTEzNzU2Mjg1XCIsXCJ1cmxfaWRzXCI6W1wiOGMyZTc5NjYyNTU5N2FjNDFlODZkYmM4MWMwMjI2MTFjZjYyYTIzMlwiXX0ifQ	Get hash	malicious	HTMLPhisher	Browse	23.195.92.23
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:5fd2b75e-76e0-49e5-b618-3adf1ca6f2ff	Get hash	malicious	HTMLPhisher	Browse	23.40.179.157
	OneLaunch - EarthView3D_3o3f1.exe	Get hash	malicious	Unknown	Browse	23.56.163.243
	9d565bee-e6ce-1842-e729-b0df8f08ed34.eml	Get hash	malicious	HTMLPhisher	Browse	23.47.169.232
	http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf	Get hash	malicious	Unknown	Browse	96.17.64.189
	http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf	Get hash	malicious	Unknown	Browse	23.47.168.24
	file.exe	Get hash	malicious	Vidar	Browse	184.87.56.26
	https://ipgnz-my.sharepoint.com/:b:/p/dennis/EQBdT3T6DAtNud_AgeVvevoBe4Wv-zzpt7vOYoJkOhRHCQ?e=4%3ao8ZtZs&at=9&xsdata=MDV8MDJ8bGlhbmRhLnN0b2VsQG1sY2luc3VyYW5jZS5jb20uYXV8ZWQ1OTE1MzNhZDY4NDYyZGVhMzEwOGRjNjk4OGRiNjR8YTRlYmRjZDY2ODU0NGRlMGIxOGM3MmQ2ZjA5ZDA1MzV8MHwwfDYzODUwMTI4NDE4MTIzMzI1MXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18ODAwMDB8fHw%3d&sdata=Zjh2Q283ajAyWEprbjBOUFdSdEFmRDhIdUU4Ym01c0JKNzV6cU1BWklhST0%3d	Get hash	malicious	HTMLPhisher	Browse	23.40.179.132
	https://herozheng.com/	Get hash	malicious	Unknown	Browse	23.47.168.66
	H0RZizYUEv.elf	Get hash	malicious	Mirai	Browse	104.76.15.64

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	JpFr8C6ljd.dll	Get hash	malicious	Unknown	Browse	104.105.90.131
	JpFr8C6ljd.dll	Get hash	malicious	Unknown	Browse	104.105.90.131
	file.exe	Get hash	malicious	SmokeLoader	Browse	104.105.90.131
	PO-USC-22USC-KonchoCo.exe	Get hash	malicious	GuLoader, Remcos	Browse	104.105.90.131
	er).xla.xlsx	Get hash	malicious	Unknown	Browse	104.105.90.131
	SAL_000268_DOM.xls	Get hash	malicious	Unknown	Browse	104.105.90.131
	Teklif talebi BAKVENTA-BAKUUsurpationens.cmd	Get hash	malicious	GuLoader, Remcos	Browse	104.105.90.131
	5801.xls	Get hash	malicious	Unknown	Browse	104.105.90.131
	RFQ-LOTUS 2024.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.105.90.131
	325445263.img	Get hash	malicious	Unknown	Browse	104.105.90.131

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll	file.exe	Get hash	malicious	Vidar	Browse
	tZvjMg3Hw9.exe	Get hash	malicious	PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	WlCIinu0yp.exe	Get hash	malicious	LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT	Browse
	file.exe	Get hash	malicious	LummaC, GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	0dN59ZIkEM.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse
	file.exe	Get hash	malicious	Vidar	Browse

Created / dropped Files

C:\ProgramData\BGDAAKJJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKKFHIEG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKKFHIEGDHJKECAAKKEBAFIJKF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGDGCFBA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGHCGIID

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	modified
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIJECGDGCBKECAKFBGCA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	69993
Entropy (8bit):	7.99584879649948
Encrypted:	true
SSDEEP:	1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr
MD5:	29F65BA8E88C063813CC50A4EA544E93
SHA1:	05A7040D5C127E68C25D81CC51271FFB8BEF3568
SHA-256:	1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
SHA-512:	E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA
Malicious:	false
Preview:	MSCF....i.......,...................I.................oXAy .authroot.stl.Ez..Q6..CK..<Tk...p.k..1...3...[..%Y.f..."K.6)..[I.hOB."..rK.RQ..}f..f...}....9.\|.....gA...30.,O2L...0..%.U...U.t.....`dqM2.x..t...<(uad.c...x5V.x..t..agd.v......i...KD..q(. ...JJ......#..'=. ...3.x...}...+T.K..!.'.`w .!.x.r.......YafhG..O.3....'P[..'.D../....n..t....R<..=\E7L0?{..T.f...ID...,...r....3z..O/.b.Iwx.. .o...a\.s........."..'.......<;s.[...l...6.)ll..B.P.....k.... k0.".t!/.,........{...P8....B..0(.. .Q.....d...q,\.$.n.Q.\.p...R..:.hr./..8.S<a.s...+#3....D..h1.a.0....{.9.....:e.......n.~G.{.M.1..OU.....B.Q..y_>.P{...}i.=.a..QQT.U..\|!.pyCD@.....l..70..w..)...W^.`l...%Y.\................i..=hYV.O8W@P.=.r.=..1m..1....)\.p..\|.c.3..t..[...).....l.{.Y....\S.....y....[.mCt....Js;...H....Q..F.....g.O...[..A.=...F[..z....k...mo.lW{`....O...T.g.Y.Uh.;m.'.N..f..}4..9i..t4p_bI..`.....Ie..l.P.... ...Lg......[....5g...~D.s.h'>n.m.c.7...-..P.gG...i$...v.m.b[.yO.P/*.YH.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.139206469813435
Encrypted:	false
SSDEEP:	6:kKNE/lDN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:FSlMkPlE99SNxAhUeVLVt
MD5:	277583C13263F9525C5E77A13724E844
SHA1:	D008CCD731B24CC241A47C8822E3F8080BADBF45
SHA-256:	732D15B2D0D05C5DEBB686ACD7E3FEC42EA2BEC7324810A0F193D58D58294971
SHA-512:	A4BC61FB46CCCFD78C578E920E280D99AAA4A8115B68FD988ADD081DA1878ED963A81B4C4D60BFC8E405F62D6EDDC1F3CBBEF5B8EAEA62EBB476D6B72927CDCD
Malicious:	false
Preview:	p...... ..........B....(....................................................... ........M.........(...........i...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".b.3.6.8.5.3.8.5.a.4.7.f.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680449169[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34791
Entropy (8bit):	5.384005815680116
Encrypted:	false
SSDEEP:	768:Xdpqm+0Ih3YAA9CWGEqfcDAGPzzgiJmDzJtxvrfJkPVoEAdmPzzgiJmDzJtxvJ2D:Xd8m+0Ih3YAA9CWGEqFGPzzgiJmDzJtE
MD5:	6C8C25D8CF07A6F37F1F9BEEA527C9B5
SHA1:	66719A470CC1A8D6CB4006EBD7529CDD45B9B88B
SHA-256:	63172A35E2CFC48D0E6AC7D77FAB89A36A0B68C8291F5F12F8C1F51ACFA2EF90
SHA-512:	19E91008561919E873F2BA7744D88EEC2B03B8C8B5548161A243740C8B8D1568EFB3E2647B4453D8DAF086E9D7CBD7362B8F449ED0D9690E36CF53E49D1C1630
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: p__o https://95.217.245.42:9000\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<lin

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: tZvjMg3Hw9.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: WlCIinu0yp.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 0dN59ZIkEM.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.512784715951123
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	386'560 bytes
MD5:	1a6b4d357d1b8bab80524e40be1b2698
SHA1:	70961ace92a0ebfdb38ae27a22181fb5a4f7d440
SHA256:	09ad84f8dde519aa02e92ffce896f55271105ceaab7e0f0a1f1ca9fee90650ff
SHA512:	67484dcb04fc15b09b88679fd3ac860991cebe97c07a27bf9e425e8277def7f61d244690ee582c2be72d0dda3fa486b53382f3e3ad368602d176c5f72a77de67
SSDEEP:	6144:NqW5NIK5m09C0h5t4mnNpZO+Ua2PsQxDnK6gDelK88JqeGq0DLt+7SHo:8W5NIYF4mnZO+Ua2zxDnKrZJqtHLt+mI
TLSH:	1684E05571C1C072D57319360AF5E6B8AE7DB8700A629EEF67980F7E0F30282D2356A7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{.+z?.E)?.E)?.E)..F(3.E)..@(..E)..A(*.E)..A(-.E)..F(+.E)..D(:.E)?.D)e.E)..@(r.E)..@(>.E)...)>.E)..G(>.E)Rich?.E)........PE..L..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x406239
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6634033C [Thu May 2 21:18:52 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	ab27116ad46b656bb5d70aa3050a97a2

Entrypoint Preview

Instruction
call 00007FF5BC8C82A6h
jmp 00007FF5BC8C7A29h
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007FF5BC8C7BCBh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007FF5BC8C7BBCh
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007FF5BC8C7BBEh
add edx, 28h
cmp edx, esi
jne 00007FF5BC8C7B9Ch
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007FF5BC8C7BABh
push esi
call 00007FF5BC8C857Dh
test eax, eax
je 00007FF5BC8C7BD2h
mov eax, dword ptr fs:[00000018h]
mov esi, 0042E254h
mov edx, dword ptr [eax+04h]
jmp 00007FF5BC8C7BB6h
cmp edx, eax
je 00007FF5BC8C7BC2h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007FF5BC8C7BA2h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007FF5BC8C7BB9h
mov byte ptr [0042E258h], 00000001h
call 00007FF5BC8C7DB3h
call 00007FF5BC8CAB10h
test al, al
jne 00007FF5BC8C7BB6h
xor al, al
pop ebp
ret
call 00007FF5BC8D37B0h
test al, al
jne 00007FF5BC8C7BBCh
push 00000000h
call 00007FF5BC8CAB17h
pop ecx
jmp 00007FF5BC8C7B9Bh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [0042E259h], 00000000h
je 00007FF5BC8C7BB6h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2c5fc	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x60000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x61000	0x1a60	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2aba8	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x2aae8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x23000	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2120f	0x21400	0259f14c144706b277635ed1ab0291c1	False	0.5809592340225563	data	6.627111363402685	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x23000	0x9d30	0x9e00	4ac3dfb1efdf79208f4c0db2bef44157	False	0.4347804588607595	data	4.959230681067143	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2d000	0x1d54	0x1000	96f6fc94400f9b3c80d126cafa6f2df3	False	0.190673828125	data	3.018020491461944	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.Left	0x2f000	0x300ec	0x30200	b0ab413fbd3df6b5d08a9255fbc8df24	False	0.9971438717532467	PGP Secret Sub-key -	7.998283255850867	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x60000	0x1e0	0x200	b0719d9fb6f6593878cf5c523f13af07	False	0.52734375	data	4.701503258251789	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x61000	0x1a60	0x1c00	ffa018fa0ff6a602e133d892d6803856	False	0.7205636160714286	data	6.362035067940247	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x60060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL

Import

USER32.dll

OpenIcon

KERNEL32.dll

LoadLibraryExW, CreateFileW, VirtualProtect, FreeConsole, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, HeapSize, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, WriteConsoleW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileSizeEx, SetFilePointerEx, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, ReadConsoleW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 23:45:49.704299927 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:49.704349041 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:49.704413891 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:49.710519075 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:49.710541964 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:49.898083925 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:49.898293018 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:49.945122004 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:49.945137024 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:49.945533037 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:49.945590019 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:49.949198008 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:49.992119074 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.249252081 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.249279022 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.249293089 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.249346972 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.249371052 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.249394894 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.249424934 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.335556984 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.335602045 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.335634947 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.335644007 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.335675001 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.335688114 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.351237059 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.351273060 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.351311922 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:50.351313114 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.351346970 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.351368904 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.351957083 CEST	49730	443	192.168.2.4	104.105.90.131
May 2, 2024 23:45:50.351970911 CEST	443	49730	104.105.90.131	192.168.2.4
May 2, 2024 23:45:51.790647030 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:51.976289034 CEST	9000	49731	95.217.245.42	192.168.2.4
May 2, 2024 23:45:51.976366043 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:51.977089882 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:52.163177013 CEST	9000	49731	95.217.245.42	192.168.2.4
May 2, 2024 23:45:52.190546036 CEST	9000	49731	95.217.245.42	192.168.2.4
May 2, 2024 23:45:52.190625906 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:52.190629959 CEST	9000	49731	95.217.245.42	192.168.2.4
May 2, 2024 23:45:52.190674067 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:52.921133041 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.106533051 CEST	9000	49731	95.217.245.42	192.168.2.4
May 2, 2024 23:45:53.106658936 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.107150078 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.331017971 CEST	9000	49731	95.217.245.42	192.168.2.4
May 2, 2024 23:45:53.615655899 CEST	9000	49731	95.217.245.42	192.168.2.4
May 2, 2024 23:45:53.615739107 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.618604898 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.802699089 CEST	9000	49733	95.217.245.42	192.168.2.4
May 2, 2024 23:45:53.802788973 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.803042889 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.988917112 CEST	9000	49733	95.217.245.42	192.168.2.4
May 2, 2024 23:45:53.989061117 CEST	9000	49733	95.217.245.42	192.168.2.4
May 2, 2024 23:45:53.989150047 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.989566088 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:53.991019964 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.174280882 CEST	9000	49733	95.217.245.42	192.168.2.4
May 2, 2024 23:45:54.564471960 CEST	9000	49733	95.217.245.42	192.168.2.4
May 2, 2024 23:45:54.564537048 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.565793991 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.566137075 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.749483109 CEST	9000	49731	95.217.245.42	192.168.2.4
May 2, 2024 23:45:54.749510050 CEST	9000	49734	95.217.245.42	192.168.2.4
May 2, 2024 23:45:54.749568939 CEST	49731	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.749615908 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.749953032 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.934305906 CEST	9000	49734	95.217.245.42	192.168.2.4
May 2, 2024 23:45:54.934443951 CEST	9000	49734	95.217.245.42	192.168.2.4
May 2, 2024 23:45:54.934499025 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.934794903 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:54.936314106 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:55.119627953 CEST	9000	49734	95.217.245.42	192.168.2.4
May 2, 2024 23:45:55.504204988 CEST	9000	49734	95.217.245.42	192.168.2.4
May 2, 2024 23:45:55.504230022 CEST	9000	49734	95.217.245.42	192.168.2.4
May 2, 2024 23:45:55.504267931 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:55.504306078 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.371469975 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.372379065 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.554893017 CEST	9000	49733	95.217.245.42	192.168.2.4
May 2, 2024 23:45:56.555012941 CEST	49733	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.555460930 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:56.555520058 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.556166887 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.744177103 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:56.744196892 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:56.744282007 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.744632006 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.746522903 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:56.929640055 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.303774118 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.303793907 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.303855896 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.303872108 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.303911924 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.303925991 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.303962946 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.303975105 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.304020882 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.509958982 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.510312080 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.693392992 CEST	9000	49736	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.693414927 CEST	9000	49734	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.693523884 CEST	49734	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.693542004 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.693878889 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.877100945 CEST	9000	49736	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.877116919 CEST	9000	49736	95.217.245.42	192.168.2.4
May 2, 2024 23:45:57.877168894 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.877471924 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.879256964 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:57.879324913 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.064246893 CEST	9000	49736	95.217.245.42	192.168.2.4
May 2, 2024 23:45:58.064378977 CEST	9000	49736	95.217.245.42	192.168.2.4
May 2, 2024 23:45:58.496191025 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.496603012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.542937994 CEST	9000	49736	95.217.245.42	192.168.2.4
May 2, 2024 23:45:58.543121099 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.679483891 CEST	9000	49735	95.217.245.42	192.168.2.4
May 2, 2024 23:45:58.679599047 CEST	49735	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.695780039 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:58.695868969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.696140051 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.895275116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:58.895605087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:58.895661116 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.895905018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:58.897376060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.096503973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.096815109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.096884966 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.096890926 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.096939087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.096946001 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.096980095 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.096992016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.097028017 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.097032070 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.097057104 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.097079992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.097093105 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.097146988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.097193003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.097213030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.097258091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.097258091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.097304106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.097326994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.097378969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.110905886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.110975027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.297530890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.297549963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.297641039 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.303550959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.303615093 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.303634882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.303685904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.318432093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.318514109 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.318582058 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.318627119 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.332087040 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.332140923 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.332247972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.332294941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.345254898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.345271111 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.345462084 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.359533072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.359678030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.359777927 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.359777927 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.371393919 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.371512890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.371556044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.371556044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.384944916 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.385006905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.385121107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.385121107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.398490906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.398542881 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.398663998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.398708105 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.412201881 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.412214994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.412275076 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.425724983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.425829887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.425873995 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.425901890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.497186899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.497203112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.497279882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.503041983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.503053904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.503153086 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.514800072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.514828920 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.514898062 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.526510954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.526523113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.526555061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.526566982 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.538253069 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.538266897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.538309097 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.550018072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.550065994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.550081968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.550106049 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.561697960 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.561737061 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.561741114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.561774969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.573450089 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.573468924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.573496103 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.573508024 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.585664988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.585683107 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.585727930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.585756063 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.596838951 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.596899033 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.596906900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.596947908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.608660936 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.608740091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.608788013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.608834028 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.619821072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.619894981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.620138884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.620193958 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.630486965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.630515099 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.630709887 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.640413046 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.640475035 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.640522957 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.640583038 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.650609016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.650645971 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.650681973 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.650698900 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.660546064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.660603046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.660653114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.660723925 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.670803070 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.670861959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.670881033 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.670905113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.681843996 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.681857109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.681915045 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.690730095 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.690789938 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.690805912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.690855026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.700723886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.700793982 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.700840950 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.700906038 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.709068060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.709084988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.709147930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.715905905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.715960026 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.715967894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.716012001 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.721432924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.721494913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.721551895 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.721596956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.727767944 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.727809906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.727827072 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.727854967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.732172012 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.732232094 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.732233047 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.732280970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.738246918 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.738322973 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.738356113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.738411903 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.744313955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.744328022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.744376898 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.750282049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.750336885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.750353098 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.750403881 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.756273985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.756287098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.756315947 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.756333113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.762265921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.762306929 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.762316942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.762372971 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.769977093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.769990921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.770020008 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.770030975 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.774358988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.774400949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.774430037 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.774467945 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.780036926 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.780049086 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.780095100 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.785980940 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.786030054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.786041021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.786084890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.791807890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.791837931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.791872025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.791882038 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.797677994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.797723055 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.797744036 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.797786951 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.803472996 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.803507090 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.803535938 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.803544998 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.809112072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.809125900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.809155941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.809186935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.814759016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.814795017 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.814826965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.814835072 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.820471048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.820509911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.820530891 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.820576906 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.826030970 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.826042891 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.826075077 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.826087952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.831635952 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.831648111 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.831684113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.837161064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.837188005 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.837220907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.837244987 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.842745066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.842757940 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.842794895 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.848264933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.848292112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.848340988 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.853751898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.853769064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.853796005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.853818893 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.858659983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.858686924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.858717918 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.863920927 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.863933086 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.863962889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.863989115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.869116068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.869152069 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.869184017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.869195938 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.880127907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.880166054 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.880177021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.880188942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.880194902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.880215883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.880239010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.884234905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.884248972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.884275913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.884298086 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.889256954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.889273882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.889302969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.889312983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.894150972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.894174099 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.894198895 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.894211054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.902708054 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.902721882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.902749062 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.902771950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.905529022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.905572891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.905713081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.905755043 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.909351110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.909394979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.909518003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.909559011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.913180113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.913192987 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.913220882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.913249016 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.916788101 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.916801929 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.916834116 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.916852951 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.920913935 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.920933008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.920962095 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.920980930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.924417019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.924433947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.924463987 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.924496889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.928143024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.928154945 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.928183079 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.928196907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.931206942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.931219101 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.931247950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.931258917 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.933705091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.933721066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.933748007 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.933763027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.936858892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.936872005 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.936904907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.936934948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.940272093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.940284967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.940320015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.940334082 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.943600893 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.943655968 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.943669081 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.943717003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.946871042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.946886063 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.946916103 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.946948051 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.950160980 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.950176001 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.950207949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.950217962 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.953489065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.953525066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.953531027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.953564882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.956475973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.956487894 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.956521034 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.959583998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.959611893 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.959625959 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.959673882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.962774038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.962785959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.962816954 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.962827921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.965832949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.965845108 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.965873957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.965888023 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.968830109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.968867064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.968873024 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.968909025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.972019911 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.972033978 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.972063065 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.972094059 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.974980116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.974991083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.975023031 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.975039005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.977929115 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.977941990 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.977972031 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.977983952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.980950117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.980999947 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.981003046 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.981055021 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.983817101 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.983870983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.983884096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.983927011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.990086079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.990130901 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.990264893 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.990308046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.991041899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.991081953 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.991219997 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.991264105 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.992321968 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.992362022 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.992382050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.992427111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.995013952 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.995028019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.995058060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.995089054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:45:59.997914076 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.997925043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:45:59.997972965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.000505924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.000554085 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.000566959 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.000605106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.003335953 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.003391027 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.003396988 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.003433943 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.006062984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.006104946 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.006119013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.006165028 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.009691954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.009749889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.009880066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.009918928 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.012660027 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.012671947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.012706041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.012723923 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.015558958 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.015571117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.015634060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.017857075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.017915964 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.017987967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.018040895 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.019042969 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.019085884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.019100904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.019148111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.021553993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.021564960 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.021599054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.021620989 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.023973942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.024017096 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.024036884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.024076939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.026562929 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.026582003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.026606083 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.026628971 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.029097080 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.029134989 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.029139996 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.029179096 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.031605959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.031618118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.031651020 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.031678915 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.033943892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.033982038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.033986092 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.034028053 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.036366940 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.036379099 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.036406994 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.036417961 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.039022923 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.039067030 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.039081097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.039120913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.041207075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.041218996 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.041249990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.041274071 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.043668032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.043678999 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.043709993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.046071053 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.046089888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.046114922 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.046156883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.048526049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.048554897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.048583031 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.048595905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.050717115 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.050757885 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.050780058 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.050817966 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.053004026 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.053044081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.053046942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.053078890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.055303097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.055347919 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.055354118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.055393934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.057667971 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.057679892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.057710886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.057744980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.059926987 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.059981108 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.059992075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.060034037 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.062262058 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.062274933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.062304020 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.062314034 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.064415932 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.064428091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.064457893 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.064467907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.066732883 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.066744089 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.066773891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.066783905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.068881989 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.068892956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.068924904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.071188927 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.071223021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.071255922 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.071296930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.073363066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.073400021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.073406935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.073432922 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.075527906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.075540066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.075565100 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.075582981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.077718973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.077730894 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.077764034 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.077780008 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.079925060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.079957008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.079968929 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.079996109 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.082189083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.082201004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.082231998 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.082262039 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.084383965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.084395885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.084429979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.084441900 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.086467028 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.086479902 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.086509943 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.086520910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.088547945 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.088586092 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.088597059 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.088627100 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.090636969 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.090648890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.090678930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.090689898 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.092824936 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.092852116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.092881918 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.092911005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.094784975 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.094795942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.094825029 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.094835997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.096865892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.096878052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.096911907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.096925020 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.098861933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.098902941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.098906040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.098942041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.100924015 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.100965023 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.100970030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.101011992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.102973938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.102998972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.103029966 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.103060961 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.105042934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.105086088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.105103016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.105155945 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.106970072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.107013941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.107042074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.107084990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.109003067 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.109040022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.109045982 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.109081984 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.111069918 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.111108065 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.111114979 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.111156940 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.113023043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.113049030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.113084078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.114914894 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.114959955 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.114989042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.115036011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.116837978 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.116880894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.116914988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.116971016 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.118871927 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.118913889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.118920088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.118958950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.120697975 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.120740891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.120788097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.120827913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.122788906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.122839928 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.122840881 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.122880936 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.124422073 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.124480009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.124496937 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.124538898 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.126288891 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.126332998 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.126352072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.126394987 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.128148079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.128190041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.128345013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.128406048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.130022049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.130067110 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.130115032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.130167007 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.132023096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.132062912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.132124901 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.132163048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.133903027 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.133945942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.134015083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.134054899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.135608912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.135664940 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.135673046 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.135711908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.137383938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.137419939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.137468100 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.137511015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.139281988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.139323950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.139431953 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.139473915 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.140898943 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.140948057 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.140964985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.141021967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.142720938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.142765045 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.142801046 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.142843962 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.144500971 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.144545078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.144551039 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.144589901 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.146204948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.146245956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.146255016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.146294117 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.148001909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.148046970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.148255110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.148297071 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.149710894 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.149749994 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.149799109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.149836063 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.151566982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.151608944 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.151627064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.151680946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.153167009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.153202057 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.153223991 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.153266907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.154843092 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.154882908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.154925108 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.154963970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.156454086 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.156512022 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.156542063 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.156586885 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.158149958 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.158188105 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.158240080 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.158281088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.159780025 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.159821033 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.159841061 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.159876108 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.161432028 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.161473989 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.161509991 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.161556959 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.163135052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.163180113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.163208961 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.163260937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.164689064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.164729118 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.164748907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.164787054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.166382074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.166419983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.166439056 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.166477919 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.167985916 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.168026924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.168031931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.168070078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.169651985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.169694901 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.169748068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.169790983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.171237946 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.171277046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.171318054 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.171356916 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.174179077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.174205065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.174238920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.174257040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.174459934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.174501896 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.174550056 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.174588919 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.176052094 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.176093102 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.176146984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.176188946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.177648067 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.177686930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.177726984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.177763939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.179095984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.179138899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.179156065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.179193974 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.180583954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.180622101 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.180664062 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.180702925 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.182280064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.182322979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.182346106 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.182384014 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.184497118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.184537888 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.184602976 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.184655905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.185280085 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.185318947 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.185324907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.185360909 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.186764002 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.186830044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.186913967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.186950922 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.188297987 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.188343048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.188385963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.188426018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.189743042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.189785004 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.189809084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.189847946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.191282034 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.191323042 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.191339970 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.191378117 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.192753077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.192796946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.192814112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.192857027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.194233894 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.194276094 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.194299936 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.194341898 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.195833921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.195873976 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.195887089 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.195992947 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.197140932 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.197206020 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.197387934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.197431087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.198548079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.198590040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.198637009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.198678970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.199971914 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.200014114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.200026989 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.200071096 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.202490091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.202532053 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.202572107 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.202613115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.205218077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.205262899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.205329895 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.205369949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.208832026 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.208888054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.209059954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.209112883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.211807966 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.211849928 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.211903095 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.211939096 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.214575052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.214591980 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.214617014 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.214631081 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.216988087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.217026949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.217026949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.217067003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.219739914 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.219803095 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.219819069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.219844103 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.221153975 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.221199036 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.221206903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.221246958 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.223684072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.223701954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.223726034 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.223742962 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.226658106 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.226701021 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.226713896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.226753950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.228135109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.228152037 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.228179932 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.228190899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.230961084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.230999947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.231036901 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.231050968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.233131886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.233181000 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.233304977 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.233347893 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.235575914 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.235615015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.235639095 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.235685110 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.239139080 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.239182949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.239207983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.239247084 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.241324902 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.241359949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.241399050 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.241410017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.243999004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.244040012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.244061947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.244107008 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.246486902 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.246527910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.246567011 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.246613026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.247665882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.247708082 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.247733116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.247770071 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.250025034 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.250067949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.250107050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.250145912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.252240896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.252279043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.252317905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.252326012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.254614115 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.254657984 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.254703045 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.254743099 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.256913900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.256961107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.257024050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.257066011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.259239912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.259284019 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.259363890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.259402990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.261465073 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.261504889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.261529922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.261569977 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.263643026 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.263695002 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.263895035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.263933897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.266047955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.266091108 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.266287088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.266328096 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.268332958 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.268374920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.268604040 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.268646002 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.272150993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.272190094 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.272191048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.272228956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.272630930 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.272671938 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.272730112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.272769928 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.274862051 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.274919033 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.274961948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.274997950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.276921034 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.276968002 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.276983976 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.277041912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.277153015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.279108047 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.279160023 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.279194117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.279234886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.281356096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.281398058 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.281456947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.281501055 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.283705950 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.283746004 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.283802986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.283842087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.285759926 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.285814047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.286111116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.286154032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.287802935 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.287842989 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.287872076 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.287910938 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.289829969 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.289866924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.289911032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.289952040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.292105913 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.292146921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.292150974 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.292187929 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.294224024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.294270992 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.294286966 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.294310093 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.296245098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.296286106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.296369076 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.296422005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.298270941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.298310995 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.298368931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.298408985 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.300225973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.300267935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.300307035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.300343990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.302165985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.302206039 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.302229881 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.302268982 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.304176092 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.304210901 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.304270983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.304308891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.306210995 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.306248903 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.306287050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.306329966 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.308212042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.308254004 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.308258057 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.308312893 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.310321093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.310372114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.310419083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.310460091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.312338114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.312378883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.312408924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.312460899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.315608025 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.315655947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.315673113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.315690994 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.316227913 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.316268921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.316293001 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.316345930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.318120956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.318161011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.318186045 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.318222046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.320127964 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.320168972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.320214033 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.320252895 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.321988106 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.322029114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.322074890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.322114944 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.323852062 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.323901892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.323909998 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.323937893 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.325581074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.325598955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.325628996 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.325628996 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.327364922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.327404022 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.327420950 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.327459097 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.329118967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.329161882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.329200983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.329245090 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.331120014 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.331157923 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.331182957 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.331223011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.333098888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.333132029 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.333216906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.333261967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.334779024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.334819078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.334844112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.334893942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.336680889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.336714029 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.336740017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.336749077 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.338529110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.338563919 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.338567972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.338599920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.340070963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.340089083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.340109110 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.340131044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.476255894 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.476284981 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.476330042 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.476368904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.476552010 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.476582050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.476596117 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.476620913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.477193117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.477210045 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.477236032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.477247953 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.477902889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.477921009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.477945089 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.477967978 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.478704929 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.478741884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.478760958 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.478790998 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.479343891 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.479392052 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.479430914 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.479475975 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.480000019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.480016947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.480045080 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.480055094 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.480691910 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.480732918 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.480743885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.480783939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.481364965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.481393099 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.481410980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.481432915 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.482297897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.482316017 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.482348919 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.482357979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.483218908 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.483266115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.483289957 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.483330965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.483778000 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.483819962 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.483838081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.483880997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.484297037 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.484340906 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.484473944 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.484513998 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.484894991 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.484931946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.484949112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.484992981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.486042023 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.486092091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.486578941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.486624956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.486649036 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.486690998 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.486974955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.487013102 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.487018108 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.487052917 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.487629890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.487675905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.487699032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.487741947 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.488322020 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.488364935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.488404989 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.488445997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.489109993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.489160061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.489176035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.489223957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.489589930 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.489638090 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.489677906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.489722013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.490300894 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.490345955 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.490407944 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.490452051 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.491007090 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.491044998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.491051912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.491087914 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.491707087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.491748095 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.491754055 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.491799116 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496014118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496062994 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496273994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496310949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496318102 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496347904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496354103 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496387005 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496390104 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496424913 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496429920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496463060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496469021 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496500015 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496507883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496543884 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496571064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.496612072 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.496957064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.497001886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.497445107 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.497489929 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.497602940 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.497643948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.498385906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.498430967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.498508930 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.498550892 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.498969078 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.499006987 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.499013901 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.499047995 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.499583006 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.499624014 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.499747992 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.499802113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.500332117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.500375986 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.500375986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.500416040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.500969887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.501008034 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.501013041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.501055956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.501305103 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.501357079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.501362085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.501394033 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.501400948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.501431942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.501437902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.501468897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.501470089 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.501516104 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.501523972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.501559019 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.502224922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.502284050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.502290010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.502329111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.502783060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.502836943 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.502842903 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.502877951 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.503259897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.503295898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.503304005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.503339052 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.503981113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.504018068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.504023075 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.504060030 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.504673004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.504709959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.504713058 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.504753113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.505333900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.505382061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.505387068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.505426884 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.506043911 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.506081104 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.506089926 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.506120920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.506700993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.506737947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.506743908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.506781101 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.507379055 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.507420063 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.507424116 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.507462978 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.508141994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.508179903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.508188009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.508223057 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.508780956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.508819103 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.508821011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.508863926 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.509438038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.509476900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.509479046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.509520054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.510257006 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.510297060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.510303020 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.510340929 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.510867119 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.510904074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.510911942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.510953903 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.511499882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.511538982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.511547089 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.511584997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.512232065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.512324095 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.512326956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.512367964 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.513333082 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.513377905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.513586998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.513632059 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.517040968 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.517080069 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.517085075 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.517122984 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.517182112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.517218113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.517225027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.517256021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.517261028 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.517293930 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.517297983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.517330885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.517337084 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.517368078 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.517374992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.517415047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.518049955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.518086910 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.518096924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.518131971 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.518769979 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.518816948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.518894911 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.518938065 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.519428015 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.519471884 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.519572020 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.519613981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.520308018 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.520349979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.520442009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.520498991 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.520719051 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.520764112 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.520870924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.520915031 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.521605968 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.521641970 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.521648884 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.521683931 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.522187948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.522224903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.522231102 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.522269011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.522908926 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.522945881 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.522952080 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.522990942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.523597002 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.523633957 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.523642063 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.523675919 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.524190903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.524230957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.524360895 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.524405003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.524825096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.524863005 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.524864912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.524904013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.527276993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.527312040 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:00.527318954 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.527355909 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:00.907929897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.107610941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.107717037 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.107743025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.107759953 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.108160973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.108201981 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.108205080 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.108246088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.108695030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.108747959 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.108777046 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.108822107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.109018087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.109061003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.109097004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.109143019 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.109972000 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.110019922 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.110022068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.110064983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.110430002 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.110476017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.110519886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.110565901 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.111057043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.111104012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.111140013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.111188889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.111732006 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.111778975 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.111824989 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.111865044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.112457991 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.112495899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.112504005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.112543106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.113176107 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.113218069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.113248110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.113291025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.113802910 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.113862038 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.113889933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.113934994 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.114485979 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.114523888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.114532948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.114568949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.115169048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.115210056 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.115221024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.115266085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.116183043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.116221905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.116230965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.116266012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.116611958 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.116648912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.116662979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.116694927 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.117203951 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.117250919 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.117296934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.117336988 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.118182898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.118278980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.118280888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.118323088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.118618965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.118665934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.118710995 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.118752956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.119419098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.119462967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.119494915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.119538069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.120340109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.120395899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.120526075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.120573997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.120605946 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.120649099 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.121603966 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.121666908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.121680975 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.121726990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.121992111 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.122036934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.122040987 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.122083902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.122551918 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.122591019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.122597933 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.122636080 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.123270988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.123317957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.123320103 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.123364925 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.123805046 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.123846054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.123864889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.123902082 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.124456882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.124504089 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.124519110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.124564886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.125001907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.125041008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.125046015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.125092983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.125734091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.125782013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.125863075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.125907898 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.126395941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.126432896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.126442909 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.126482010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.127135992 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.127181053 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.127207994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.127253056 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.127791882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.127829075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.127837896 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.127882004 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.128504038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.128566027 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.128571987 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.128611088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.129158974 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.129199028 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.129200935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.129236937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.129839897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.129878044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.129955053 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.130001068 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.130501986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.130546093 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.130594969 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.130645990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.131248951 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.131287098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.131297112 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.131330967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.131896019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.131933928 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.131942034 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.131979942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.132644892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.132690907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.132774115 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.132819891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.133316994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.133363008 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.133404016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.133449078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.134113073 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.134159088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.134206057 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.134252071 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.134677887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.134727955 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.134742022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.134785891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.135343075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.135380983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.135389090 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.135421991 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.136044979 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.136081934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.136122942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.136142969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.136701107 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.136751890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.136761904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.136810064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.137413979 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.137468100 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.137487888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.137536049 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.138149023 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.138185978 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.138205051 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.138223886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.138695002 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.138777971 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.138789892 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.138824940 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.139405012 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.139455080 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.139494896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.139540911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.140173912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.140211105 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.140223026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.140275002 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.140846968 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.140889883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.140918970 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.140969992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.141491890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.141539097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.141545057 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.141587019 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.142215967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.142266035 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.142309904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.142378092 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.142877102 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.142925978 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.142935038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.143018007 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.143688917 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.143727064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.143737078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.143771887 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.144251108 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.144293070 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.144337893 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.144383907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.144951105 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.144988060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.144999027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.145032883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.145590067 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.145653009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.145677090 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.145725965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.146419048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.146476030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.146476030 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.146522999 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.146987915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.147026062 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.147037029 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.147069931 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.147675991 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.147713900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.147723913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.147757053 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.148389101 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.148427963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.148436069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.148471117 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.149069071 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.149127007 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.149136066 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.149173975 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.149998903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.150047064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.150125027 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.150172949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.150428057 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.150490999 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.150501966 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.150556087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.151102066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.151170969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.151177883 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.151226997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.151958942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.151997089 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.152017117 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.152049065 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.152517080 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.152565956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.152602911 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.152650118 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.153167009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.153217077 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.153239012 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.153285980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.154150963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.154213905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.154238939 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.154289007 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.154962063 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.155018091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.155066013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.155121088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.155471087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.155508995 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.155519009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.155551910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.155901909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.155947924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.155958891 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.156006098 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.156589985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.156634092 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.156666994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.156713009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.157309055 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.157351971 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.157397032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.157438040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.158147097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.158183098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.158193111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.158225060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.158682108 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.158721924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.158730030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.158773899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.159353018 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.159394026 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.159420013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.159430981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.160583973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.160629988 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.160641909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.160681963 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.160706997 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.160748959 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.160774946 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.160814047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.161489964 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.161530972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.161556005 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.161592960 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.162240028 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.162280083 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.162311077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.162348986 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.162795067 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.162836075 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.162925959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.162962914 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.163531065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.163580894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.163594961 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.163639069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.164161921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.164206982 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.164263010 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.164297104 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.165154934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.165213108 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.165236950 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.165275097 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.165492058 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.165532112 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.165554047 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.165595055 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.166328907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.166361094 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.166378975 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.166393042 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.166861057 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.166908979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.166908979 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.166953087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.168311119 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.168359995 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.168361902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.168400049 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.168847084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.168899059 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.168924093 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.168932915 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.168947935 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.168987989 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.168997049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.169039011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.170022011 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.170079947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.170090914 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.170115948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.170269012 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.170308113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.170398951 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.170444965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.170957088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.171031952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.171046972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.171097040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.171653032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.171700001 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.171749115 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.171791077 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.172319889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.172369957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.172394991 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.172441006 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.173048019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.173090935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.173114061 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.173155069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.173727036 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.173770905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.173794985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.173835993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.174396038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.174437046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.174483061 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.174526930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.175216913 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.175261021 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.175323963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.175364971 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.175883055 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.175925970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.175935030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.175978899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.176496029 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.176537037 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.176575899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.176624060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.177294970 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.177337885 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.177351952 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.177392960 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.177829027 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.177871943 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.177885056 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.177926064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.178563118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.178612947 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.178633928 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.178685904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.179305077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.179352999 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.179390907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.179433107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.180001020 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.180042982 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.180118084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.180160046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.180730104 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.180778980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.180789948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.180824995 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.181432962 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.181482077 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.181495905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.181533098 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.182024956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.182066917 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.182077885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.182120085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.182770967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.182816029 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.182821989 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.182854891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.183439016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.183485031 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.183523893 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.183562994 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.184026003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.184068918 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.184077024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.184117079 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.184801102 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.184843063 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.184875965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.184915066 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.185385942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.185426950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.185442924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.185482025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.186121941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.186162949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.186187029 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.186225891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.186765909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.186803102 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.186827898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.186877966 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.187494993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.187535048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.187572956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.187618017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.188152075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.188173056 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.188193083 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.188208103 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.188824892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.188864946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.188904047 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.188941956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.189511061 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.189549923 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.189577103 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.189616919 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.190248013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.190314054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.190330029 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.190382957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.190911055 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.190927982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.190958977 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.190973043 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.191607952 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.191644907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.191674948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.191720963 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.192267895 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.192312002 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.192329884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.192370892 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.192960024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.193001986 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.193041086 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.193082094 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.193635941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.193675995 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.193696976 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.193731070 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.194360971 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.194401979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.194506884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.194547892 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.194983959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.195024014 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.195090055 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.195127010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.195772886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.195813894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.195909023 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.195950985 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.196396112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.196413040 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.196435928 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.196448088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.197124004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.197164059 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.197297096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.197336912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.197861910 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.197904110 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.197910070 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.197947025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.198472977 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.198523045 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.198720932 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.198762894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.199208021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.199251890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.199332952 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.199373960 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.199881077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.199928045 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.200067043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.200117111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.200489998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.200560093 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.200599909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.200643063 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.201206923 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.201250076 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.201476097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.201536894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.201890945 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.201932907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.201936007 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.201976061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.202507019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.202547073 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.202586889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.202630043 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.203341007 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.203383923 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.203424931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.203465939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.203933001 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.203969955 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.203996897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.204035044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.204631090 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.204673052 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.204726934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.204766035 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.205367088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.205401897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.205411911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.205439091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.206087112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.206130028 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.206142902 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.206182003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.206768990 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.206810951 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.206850052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.206890106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.207411051 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.207453966 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.207479000 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.207520008 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.208086967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.208146095 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.208146095 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.208194017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.208765984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.208808899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.208833933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.208873034 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.209476948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.209521055 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.209538937 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.209578037 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.210200071 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.210241079 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.210445881 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.210489035 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.211050987 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.211118937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.211241007 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.211282969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.211595058 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.211617947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.211636066 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.211654902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.307157993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.307183981 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.307224035 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.307240963 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.307437897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.307487965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.307552099 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.307593107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.308810949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.308861017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.308907032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.308949947 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.309089899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.309130907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.309180975 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.309218884 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.309773922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.309817076 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.309837103 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.309880972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.310709000 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.310751915 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.310777903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.310817957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.311289072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.311327934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.311335087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.311367989 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.311907053 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.311949968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.312000990 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.312041044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.312926054 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.312971115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.313003063 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.313045025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.313388109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.313431978 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.313471079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.313513041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.314232111 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.314296961 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.314315081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.314354897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.314594984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.314636946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.314645052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.314691067 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.315277100 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.315319061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.315334082 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.315372944 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.315906048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.315951109 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.316072941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.316121101 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.316639900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.316680908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.316720963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.316761971 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.317287922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.317329884 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.317343950 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.317384958 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.318043947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.318084955 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.318089962 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.318130970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.318880081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.318921089 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.318977118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.319017887 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.319421053 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.319463015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.319514990 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.319552898 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.322762966 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.322812080 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.322813988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.322854042 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.322964907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.323002100 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.323041916 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.323084116 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.323647022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.323688030 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.323740959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.323780060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.324390888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.324464083 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.324528933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.324569941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.325012922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.325052977 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.325129032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.325169086 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.325645924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.325686932 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.325732946 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.325772047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.326376915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.326419115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.326442003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.326482058 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.327049971 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.327092886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.327117920 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.327156067 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.327696085 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.327738047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.327761889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.327802896 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.328392982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.328432083 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.328485012 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.328524113 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.329085112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.329123974 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.329164028 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.329205036 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.329864025 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.329902887 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.329927921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.329967022 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.330471039 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.330513954 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.330539942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.330579996 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.331135988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.331176043 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.331196070 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.331234932 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.332001925 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.332041979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.332067013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.332113981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.332582951 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.332628012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.332690954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.332731009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.333281994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.333323956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.333344936 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.333384991 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.334136963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.334177017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.334240913 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.334284067 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.334695101 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.334733963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.334753036 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.334770918 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.335303068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.335346937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.335393906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.335433960 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.336093903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.336139917 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.336203098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.336239100 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.336719036 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.336764097 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.336797953 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.336834908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.337291002 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.337332010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.337647915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.337692022 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.337717056 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.337758064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.338289022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.338330984 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.338371038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.338411093 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.338992119 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.339032888 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.339072943 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.339108944 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.339673996 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.339720011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.339761019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.339807034 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.340363979 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.340413094 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.340434074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.340480089 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.340989113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.341033936 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.341078043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.341119051 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.341703892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.341747046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.341801882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.341842890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.342397928 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.342443943 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.342470884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.342515945 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.343136072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.343179941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.343187094 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.343228102 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.343812943 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.343852997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.343899965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.343943119 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.344496965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.344540119 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.344574928 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.344621897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.345413923 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.345479012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.345494986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.345534086 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.345952988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.345992088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.346056938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.346101046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.346573114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.346618891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.346657991 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.346704006 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.347197056 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.347238064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.347251892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.347297907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.347848892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.347902060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.347919941 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.347964048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.348689079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.348736048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.348779917 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.348818064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.349280119 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.349329948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.349385977 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.349432945 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.349977016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.350020885 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.350025892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.350066900 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.350703955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.350748062 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.350773096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.350811005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.351337910 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.351381063 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.351392984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.351433992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.352050066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.352092028 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.352143049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.352180958 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.352756023 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.352813959 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.352839947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.352880001 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.353389025 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.353437901 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.353462934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.353506088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.354183912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.354223013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.354284048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.354322910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.354965925 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.354986906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.355012894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.355025053 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.355456114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.355495930 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.355526924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.355542898 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.356173992 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.356215954 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.356267929 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.356308937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.356808901 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.356853962 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.356863022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.356903076 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.357512951 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.357558012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.357974052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.358021021 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.358390093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.358434916 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.358474016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.358514071 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.358877897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.358917952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.358951092 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.358989000 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.359671116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.359719992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.359740973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.359782934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.360253096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.360296965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.360344887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.360388994 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.360966921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.361006021 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.361044884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.361087084 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.361749887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.361793041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.361813068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.361852884 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.362360954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.362400055 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.362422943 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.362462044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.363018990 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.363059044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.363085032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.363125086 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.363717079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.363755941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.363795042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.363838911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.364387035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.364433050 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.364474058 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.364514112 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.365111113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.365128040 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.365145922 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.365169048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.365716934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.365756989 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.365782976 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.365799904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.366552114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.366596937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.366622925 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.366669893 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.367172003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.367213964 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.367268085 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.367309093 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.367855072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.367898941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.367938042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.367978096 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.368482113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.368524075 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.368537903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.368577957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.369182110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.369225025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.369262934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.369303942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.370034933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.370078087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.370102882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.370145082 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.370562077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.370608091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.370632887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.370675087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.371218920 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.371264935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.371285915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.371325970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.371872902 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.371922016 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.371936083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.371978045 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.372682095 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.372723103 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.372786045 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.372828007 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.373303890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.373347044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.373380899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.373420000 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.374023914 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.374073029 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.374079943 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.374119997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.374686956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.374732018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.374769926 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.374809980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.375485897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.375503063 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.375530005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.375545979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.376084089 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.376152992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.376167059 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.376205921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.376687050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.376732111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.376770020 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.376811028 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.377450943 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.377494097 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.377520084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.377559900 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.378073931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.378117085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.378142118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.378181934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.378839016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.378880024 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.378894091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.378933907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.379475117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.379511118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.379519939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.379550934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.380197048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.380239010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.380259037 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.380300045 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.380883932 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.380923986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.380928040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.380964994 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.381565094 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.381607056 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.381633043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.381680965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.382245064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.382280111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.382325888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.382369995 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.382956982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.383001089 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.383045912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.383086920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.383682013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.383723974 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.383763075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.383802891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.384300947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.384340048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.384344101 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.384385109 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.384994984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.385036945 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.385055065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.385096073 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.385678053 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.385720968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.385730982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.385771990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.386396885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.386434078 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.386461020 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.386472940 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.387020111 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.387057066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.387079954 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.387095928 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.387756109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.387801886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.387813091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.387851000 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.388447046 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.388489962 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.388515949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.388550997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.389103889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.389142036 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.389146090 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.389177084 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.389786959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.389827967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.389853954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.389893055 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.390453100 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.390495062 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.390535116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.390573025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.391191959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.391233921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.391258001 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.391298056 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.391885996 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.391923904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.391983986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.392023087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.392518997 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.392561913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.392587900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.392627001 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.393170118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.393210888 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.393237114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.393275976 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.393893003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.393932104 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.393955946 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.393994093 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.394639015 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.394680023 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.394726038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.394767046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.395231962 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.395272017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.395349979 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.395381927 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.396190882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.396209955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.396239042 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.396246910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.396621943 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.396686077 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.396708965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.396745920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.397294998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.397337914 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.397454023 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.397490978 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.398081064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.398118973 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.398216963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.398255110 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.398657084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.398698092 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.398722887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.398765087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.399396896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.399440050 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.399506092 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.399559021 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.400043011 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.400084972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.400122881 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.400161982 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.400749922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.400793076 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.400921106 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.400962114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.401571035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.401624918 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.401757002 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.401757002 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.402148008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.402193069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.402287960 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.402328014 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.402950048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.402991056 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.403012037 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.403052092 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.403537035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.403553963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.403599977 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.404256105 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.404289007 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.404289007 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.404321909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.404366970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.404912949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.404953957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.405097008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.405132055 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.405649900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.405692101 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.405710936 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.405752897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.406310081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.406342030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.406351089 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.406382084 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.406869888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.406915903 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.406932116 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.406949997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.407548904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.407566071 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.407593012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.407604933 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.408209085 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.408242941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.408257008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.408298016 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.408972025 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.408988953 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.409014940 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.409024954 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.409898996 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.409936905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.409941912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.409976006 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.410362959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.410381079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.410403013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.410414934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.411004066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.411043882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.411046028 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.411083937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.411659956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.411689997 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.411700010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.411726952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.412355900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.412373066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.412398100 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.412411928 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.413016081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.413033009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.413058043 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.413068056 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.413707972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.413749933 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.413825989 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.413866997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.414393902 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.414434910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.414460897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.414500952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.415143013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.415184021 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.415244102 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.415283918 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.415761948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.415781021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.415806055 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.415816069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.416488886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.416532040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.416587114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.416626930 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.417145014 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.417207956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.417298079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.417337894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.417828083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.417845964 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.417897940 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.418513060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.418549061 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.418562889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.418596029 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.419317961 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.419361115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.419409990 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.419447899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.419960976 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.419989109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.420001984 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.420026064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.420624018 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.420641899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.420665026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.420675993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.421289921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.421331882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.421334028 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.421372890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.422086954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.422125101 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.422132969 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.422173023 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.422727108 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.422766924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.422787905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.422826052 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.423433065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.423469067 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.423527002 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.423566103 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.424173117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.424215078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.424221992 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.424263954 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.424745083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.424784899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.424788952 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.424824953 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.425527096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.425544024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.425570011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.425585032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.426132917 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.426151037 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.426177025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.426187038 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.426842928 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.426858902 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.426887035 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.426897049 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.427525997 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.427566051 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.427592993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.427609921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.428224087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.428241014 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.428266048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.428275108 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.428834915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.428853035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.428874969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.428885937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.429536104 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.429552078 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.429579020 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.429594040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.430177927 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.430218935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.430227995 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.430272102 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.430932999 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.430963993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.430974960 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.431004047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.431590080 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.431606054 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.431633949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.431644917 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.432275057 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.432291985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.432317019 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.432327032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.432980061 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.432996035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.433020115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.433028936 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.433641911 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.433681965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.433686018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.433718920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.434325933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.434351921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.434366941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.434390068 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.435079098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.435112000 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.435122967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.435152054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.435796022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.435813904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.435841084 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.435852051 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.436427116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.436469078 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.436470985 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.436508894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.437088966 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.437131882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.437146902 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.437182903 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.437783957 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.437827110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.437854052 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.437863111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.438606024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.438644886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.438648939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.438683987 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.439865112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.439882994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.439898014 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.439908981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.439914942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.439924002 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.439941883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.439955950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.440573931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.440598965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.440617085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.440644026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.441206932 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.441225052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.441243887 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.441257000 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.442414999 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.442459106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.443147898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.443190098 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446533918 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446557045 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446573019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446580887 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446588039 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446588993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446604967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446609974 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446625948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446628094 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446639061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446645021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446660042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446667910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446676016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446686983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446691990 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446698904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446707964 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446719885 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446723938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446731091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446739912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446753979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446755886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.446763992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446784019 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.446796894 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.447335958 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.447379112 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.447385073 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.447424889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.448045015 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.448084116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.448117018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.448117018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.448749065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.448766947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.448791027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.448800087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.449415922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.449431896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.449462891 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.449475050 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.450078011 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.450094938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.450122118 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.450135946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.450836897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.450854063 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.450877905 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.450891018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.451483965 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.451500893 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.451527119 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.451538086 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.452164888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.452199936 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.452205896 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.452239990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.453043938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.453061104 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.453087091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.453097105 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.453604937 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.453644037 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.453646898 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.453682899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.454272985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.454307079 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.454313993 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.454351902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.454905987 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.454948902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.454956055 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.454994917 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.455627918 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.455645084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.455673933 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.455683947 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.456316948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.456335068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.456360102 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.456370115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.456975937 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.456991911 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.457017899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.457026958 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.457736969 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.457776070 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.457786083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.457823038 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.458381891 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.458420992 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.458446026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.458456993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.459047079 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.459070921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.459089041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.459109068 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.459793091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.459810019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.459835052 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.459845066 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.460464954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.460481882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.460508108 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.460520983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.461080074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.461107016 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.461121082 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.461147070 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.461792946 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.461810112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.461838007 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.461848974 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.462486982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.462505102 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.462528944 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.462539911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.463156939 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.463174105 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.463195086 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.463210106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.463857889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.463898897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.463922977 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.463963032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.464521885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.464557886 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.464561939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.464597940 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.468626976 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.468688965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.469362020 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.469404936 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.469584942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.469600916 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.469624996 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.469626904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.469643116 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.469659090 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.469774961 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.469798088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.469813108 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.469815969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.469835997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.469855070 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.470128059 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.470144033 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.470168114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.470176935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.470956087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.470973969 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.470993996 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.471005917 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.472403049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.472419977 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.472434998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.472448111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.472450972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.472460985 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.472481966 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.472487926 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.472826004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.472867012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.473011017 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.473052025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.473706007 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.473722935 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.473746061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.473761082 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.474224091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.474242926 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.474261045 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.474276066 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.474945068 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.474987030 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.475132942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.475173950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.475774050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.475791931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.475816011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.475826025 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.476335049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.476352930 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.476382017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.476382017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.477072954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.477128983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.477224112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.477268934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.477890015 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.477931023 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.478074074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.478115082 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.478563070 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.478599072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.478631020 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.478637934 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.478919029 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.478960037 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.479098082 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.479135990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.479773045 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.479815006 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.479938030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.479978085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.480449915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.480494022 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.480648994 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.480690956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.481302977 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.481314898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.481355906 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.481810093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.481821060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.481851101 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.481875896 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.482625008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.482635975 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.482670069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.482688904 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.483120918 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.483160019 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.483310938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.483347893 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.483992100 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.484004974 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.484035015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.484044075 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.484659910 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.484673023 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.484703064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.484713078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.485584021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.485627890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.485764980 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.485799074 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.486135006 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.486146927 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.486175060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.486187935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.486639977 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.486680031 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.486826897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.486866951 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.487332106 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.487370968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.487545013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.487579107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.488163948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.488176107 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.488205910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.488214016 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.488854885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.488867998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.488897085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.488907099 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.489496946 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.489517927 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.489536047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.489547968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.490413904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.490426064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.490458012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.490464926 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.490912914 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.490925074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.490957975 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.490964890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.491581917 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.491625071 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.491765022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.491806030 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.492269039 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.492280960 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.492310047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.492319107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.492950916 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.492991924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.493119955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.493160009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.493689060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.493700981 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.493726015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.493742943 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.494369984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.494383097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.494410992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.494425058 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.495016098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.495057106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.495199919 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.495239019 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.495872974 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.495884895 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.495909929 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.495929003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.496354103 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.496400118 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.496527910 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.496567965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.497042894 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.497082949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.497216940 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.497256041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.497608900 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.497621059 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.497647047 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.497661114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.498265982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.498306990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.498439074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.498478889 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.499145031 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.499186039 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.499324083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.499363899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.499838114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.499880075 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.500009060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.500049114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.500530958 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.500543118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.500571012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.500581026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.501198053 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501210928 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501240015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.501257896 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.501880884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501893997 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501904964 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501916885 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.501923084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501934052 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.501945019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501956940 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501966953 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.501975060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501986027 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.501995087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.502021074 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.502398014 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.502438068 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.502460003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.502505064 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.503139973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.503179073 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.503202915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.503240108 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.503839970 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.503878117 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.503890991 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.503927946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.504455090 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.504501104 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.504539967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.504578114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.505127907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.505166054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.505207062 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.505248070 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.505832911 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.505871058 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.505920887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.505960941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.506824970 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.506863117 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.506875992 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.506915092 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.506927967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.506963968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.506978035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.507014990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.507487059 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.507525921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.507585049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.507622957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.507651091 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.507684946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.507695913 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.507735968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.508374929 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.508414030 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.508460999 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.508497953 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.508546114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.508588076 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.508632898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.508668900 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.509300947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.509361029 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.509435892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.509473085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.509485960 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.509526014 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.509633064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.509673119 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.510212898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.510255098 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.510432959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.510473013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.510505915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.510518074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.510545015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.510555029 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.511214972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.511257887 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.511301041 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.511338949 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.511351109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.511388063 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.511409044 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.511456013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.511995077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.512032032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.512048006 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.512087107 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.512104988 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.512145042 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.512166023 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.512200117 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.513400078 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.513442993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.514084101 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.514127970 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.514755011 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.514792919 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.515253067 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.515285969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.518148899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518166065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518177986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518188000 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518198967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518205881 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.518215895 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518228054 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518234968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.518250942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518260956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518271923 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.518276930 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518287897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518296003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.518306017 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518311977 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.518348932 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.518465996 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518508911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.518846989 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.518887997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.519027948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.519040108 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.519067049 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.519083023 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.519706011 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.519747972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.519885063 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.519897938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.519932985 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.519949913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.520057917 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.520103931 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.520726919 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.520781040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.520859003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.520900011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.520936966 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.520948887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.520977974 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.520988941 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.521687031 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.521698952 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.521730900 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.521745920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.522161961 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.522173882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.522203922 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.522213936 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.522342920 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.522382975 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.522403955 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.522443056 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.523271084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.523283005 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.523294926 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.523307085 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.523314953 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.523334980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.523370028 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.523953915 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.523966074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.523977041 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.523988008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.523997068 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.524019003 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.524044037 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.524835110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.524847031 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.524882078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.524893045 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.525106907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.525119066 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.525146961 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.525158882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526029110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526041031 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526068926 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526074886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526087046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526106119 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526204109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526242018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526652098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526664019 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526693106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526701927 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526798010 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526810884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526839972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526848078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.526963949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526976109 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.526985884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.527009010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.527038097 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.527137041 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.527179956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.528024912 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.528038025 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.528053045 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.528063059 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.528070927 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.528078079 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.528110027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.528115988 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.528954983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.529000998 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.529133081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.529144049 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.529156923 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.529172897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.529191017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.529846907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.529860020 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.529870033 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.529881001 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.529887915 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.529923916 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.530204058 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.530216932 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.530242920 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.530261040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.530374050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.530411005 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.530872107 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.530910969 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.531537056 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.531549931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.531577110 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.531585932 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.531717062 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.531755924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.532226086 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.532264948 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.532893896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.532907009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.532933950 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.532943010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.533385038 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.533396959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.533426046 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.533435106 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.533559084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.533574104 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.533601999 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.533608913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.534239054 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.534277916 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.534408092 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.534419060 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.534446001 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.534455061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.534591913 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.534631014 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.536091089 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.536108971 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.536119938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.536142111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.536154985 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.536266088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.536278009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.536289930 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.536310911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.536329985 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.536449909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.536462069 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.536489010 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.536510944 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.537113905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.537126064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.537137985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.537151098 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.537168026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.537269115 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.537307024 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.538096905 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.538141012 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.538280010 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.538291931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.538320065 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.538328886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.538461924 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.538500071 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.538830042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.538866997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.539004087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.539016008 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.539046049 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.539058924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.539177895 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.539225101 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.539690971 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.539730072 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.539875984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.539889097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.539915085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.539922953 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.540035009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.540087938 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.540740967 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.540785074 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.540909052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.540920973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.540950060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.540958881 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.541071892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.541115999 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.541691065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.541728973 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.541857004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.541870117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.541898966 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.541908979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.542040110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.542078972 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.542588949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.542602062 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.542613029 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.542629004 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.542660952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.542706013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.542749882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.543437004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.543487072 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.543596983 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.543608904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.543641090 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.543653011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.543790102 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.543828011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.544123888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.544163942 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.544307947 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.544347048 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.544734001 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.544779062 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.544873953 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.544910908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.544934034 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.544946909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.544972897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.544991016 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.545135975 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.545186043 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.545310974 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.545329094 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.545351982 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.545363903 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.545494080 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.545536041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.546231985 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.546243906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.546256065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.546268940 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.546272993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.546298981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.546773911 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.546787024 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.546825886 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.546853065 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.547326088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.547363997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.547509909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.547549009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.547693968 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.547705889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.547718048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.547735929 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.547746897 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.547916889 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.547955990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.548424959 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.548466921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.548612118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.548650026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.548795938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.548813105 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.548837900 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.548847914 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.549240112 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.549283981 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.549890995 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.549904108 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.549932957 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.549943924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.550431013 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.550442934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.550465107 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.550473928 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.550484896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.550507069 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.550530910 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.550981998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.550995111 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.551007032 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.551023960 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.551037073 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.551162004 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.551172972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.551201105 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.551223040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.552088022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.552104950 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.552129984 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.552139044 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.552267075 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.552306890 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.552645922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.552663088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.552681923 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.552696943 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.552983999 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.553021908 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.553162098 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.553173065 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.553204060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.553220034 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.554835081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.554884911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.555027962 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.555037975 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.555049896 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.555062056 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.555079937 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.555690050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.555728912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.555857897 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.555897951 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.555977106 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.555988073 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.555998087 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.556008101 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.556014061 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.556022882 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.556030035 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.556039095 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.556046009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.556054115 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.556063890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.556071997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.556096077 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.558106899 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.558119059 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.558147907 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.558214903 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.558657885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.558696032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.558845043 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.558856010 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.558866978 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.558875084 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.558888912 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.558902979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.559031963 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.559042931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.559063911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.559081078 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.560015917 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.560026884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.560038090 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.560050011 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.560065031 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.560280085 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.560317993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.560748100 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.560758114 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.560781956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.560790062 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.560916901 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.560926914 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.560959101 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.560966015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.561610937 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.561654091 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.561844110 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.561855078 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.561880112 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.561887026 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.562027931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.562062979 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.562535048 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.562572956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.562697887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.562707901 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.562732935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.562743902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.562796116 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.562834978 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.563153982 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.563188076 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.563522100 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.563553095 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.563713074 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.563747883 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.563891888 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.563924074 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.564603090 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.564613104 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.564626932 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.564636946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.564642906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.564650059 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.564665079 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.564681053 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.564773083 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.564784050 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.564794064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.564805031 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.564811945 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.564832926 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.564862013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.565567017 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.565577030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.565587044 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.565598965 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.565619946 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.566123009 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.566164017 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.566453934 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.566464901 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.566502094 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.566502094 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.567094088 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.567105055 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.567116022 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.567126036 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.567131042 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.567154884 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.567183018 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.567645073 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.567683935 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.568197012 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.568207026 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.568217039 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.568233967 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.568243027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.568751097 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.568762064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.568775892 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.568784952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.568792105 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.568810940 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.568831921 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.569555044 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.569598913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.569757938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.569768906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.569778919 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.569797039 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.569807053 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.570405006 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.570415974 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.570446968 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.570465088 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.570584059 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.570620060 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.570766926 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.570810080 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.571090937 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.571101904 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.571111917 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.571122885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.571130037 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.571145058 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.571165085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.571818113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.571854115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.572308064 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.572319031 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.572329044 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.572372913 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.572932005 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.572942972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.572952986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.572967052 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.572983027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.573337078 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.573385000 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.574944973 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.574955940 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.574965954 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.574989080 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.574995995 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.575114012 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.575155973 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.575788021 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.575799942 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.575824976 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.575834036 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.575946093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.575980902 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.576127052 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.576159000 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.576606035 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.576617956 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.576637983 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.576647997 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.576956987 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.576968908 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.576994896 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577003956 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577445984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577486992 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577575922 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577588081 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577595949 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577609062 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577613115 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577622890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577629089 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577636957 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577649117 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577655077 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577663898 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577671051 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577680111 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577692032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577696085 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577706099 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577713013 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577725887 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577732086 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577740908 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.577758074 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.577769995 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.578217030 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.578267097 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.578282118 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.578320980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.578454018 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.578488111 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.578494072 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.578531027 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.579121113 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.579161882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.579237938 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.579277039 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.579379082 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.579416990 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.579479933 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.579523087 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.579969883 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.580025911 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.580048084 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.580087900 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.580102921 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.580140114 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.580168962 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.580207109 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.580935001 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.580976009 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.581026077 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.581067085 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.581147909 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.581190109 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.581202984 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.581239939 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.581795931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.581835032 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.581880093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.581919909 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.581973076 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.582011938 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.582165003 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.582209110 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.582864046 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.582885027 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.582911015 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.582918882 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.582954884 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.582993031 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.583030939 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.583070040 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.584048986 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.584089041 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.584116936 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.584157944 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.584183931 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.584225893 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.584235907 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.584274054 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.584567070 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.584603071 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.584654093 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.584690094 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.584702015 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.584739923 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.584753036 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.584791899 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.585407972 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.585448980 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.585459948 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.585498095 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.585510969 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.585547924 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.585566998 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.585603952 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.586361885 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.586405993 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.586426020 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.586466074 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.586517096 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.586555004 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.586716890 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.586756945 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.587184906 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:01.587223053 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.898041010 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:01.898425102 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.081058979 CEST	9000	49736	95.217.245.42	192.168.2.4
May 2, 2024 23:46:02.081135035 CEST	49736	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.081517935 CEST	9000	49738	95.217.245.42	192.168.2.4
May 2, 2024 23:46:02.081715107 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.081965923 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.264833927 CEST	9000	49738	95.217.245.42	192.168.2.4
May 2, 2024 23:46:02.265150070 CEST	9000	49738	95.217.245.42	192.168.2.4
May 2, 2024 23:46:02.265297890 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.265547991 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.267218113 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.267260075 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.450226068 CEST	9000	49738	95.217.245.42	192.168.2.4
May 2, 2024 23:46:02.450241089 CEST	9000	49738	95.217.245.42	192.168.2.4
May 2, 2024 23:46:02.984895945 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:02.985311985 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.003237963 CEST	9000	49738	95.217.245.42	192.168.2.4
May 2, 2024 23:46:03.003326893 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.184161901 CEST	9000	49737	95.217.245.42	192.168.2.4
May 2, 2024 23:46:03.184221029 CEST	49737	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.184598923 CEST	9000	49739	95.217.245.42	192.168.2.4
May 2, 2024 23:46:03.184660912 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.185020924 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.384258032 CEST	9000	49739	95.217.245.42	192.168.2.4
May 2, 2024 23:46:03.384322882 CEST	9000	49739	95.217.245.42	192.168.2.4
May 2, 2024 23:46:03.384470940 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.384696960 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.386378050 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.386418104 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.588306904 CEST	9000	49739	95.217.245.42	192.168.2.4
May 2, 2024 23:46:03.588323116 CEST	9000	49739	95.217.245.42	192.168.2.4
May 2, 2024 23:46:03.991991997 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:03.992383003 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:04.147281885 CEST	9000	49739	95.217.245.42	192.168.2.4
May 2, 2024 23:46:04.147381067 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:04.175260067 CEST	9000	49738	95.217.245.42	192.168.2.4
May 2, 2024 23:46:04.175342083 CEST	49738	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:04.175364971 CEST	9000	49740	95.217.245.42	192.168.2.4
May 2, 2024 23:46:04.175529003 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:07.393832922 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:07.576839924 CEST	9000	49740	95.217.245.42	192.168.2.4
May 2, 2024 23:46:07.576980114 CEST	9000	49740	95.217.245.42	192.168.2.4
May 2, 2024 23:46:07.577033043 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:07.773679972 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:07.775701046 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:07.958585024 CEST	9000	49740	95.217.245.42	192.168.2.4
May 2, 2024 23:46:08.000883102 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.001329899 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.184501886 CEST	9000	49741	95.217.245.42	192.168.2.4
May 2, 2024 23:46:08.184611082 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.184983015 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.200197935 CEST	9000	49739	95.217.245.42	192.168.2.4
May 2, 2024 23:46:08.200280905 CEST	49739	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.367855072 CEST	9000	49741	95.217.245.42	192.168.2.4
May 2, 2024 23:46:08.368149996 CEST	9000	49741	95.217.245.42	192.168.2.4
May 2, 2024 23:46:08.368220091 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.368573904 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.370311975 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.517824888 CEST	9000	49740	95.217.245.42	192.168.2.4
May 2, 2024 23:46:08.517921925 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:08.553656101 CEST	9000	49741	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.038420916 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.039349079 CEST	49744	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.105284929 CEST	9000	49741	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.105484962 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.222354889 CEST	9000	49740	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.222445011 CEST	49740	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.223356009 CEST	9000	49744	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.223460913 CEST	49744	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.236557007 CEST	49744	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.420631886 CEST	9000	49744	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.421209097 CEST	9000	49744	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.421260118 CEST	49744	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.421868086 CEST	49744	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.423866987 CEST	49744	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.425471067 CEST	49747	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.612210989 CEST	9000	49747	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.612279892 CEST	49747	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.612704039 CEST	49747	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.615319014 CEST	9000	49744	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.615372896 CEST	49744	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.796641111 CEST	9000	49747	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.796833038 CEST	9000	49747	95.217.245.42	192.168.2.4
May 2, 2024 23:46:09.796884060 CEST	49747	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.797477007 CEST	49747	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.824789047 CEST	49747	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:09.827155113 CEST	49750	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.008168936 CEST	9000	49747	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.008244038 CEST	49747	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.026884079 CEST	9000	49750	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.026964903 CEST	49750	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.027550936 CEST	49750	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.227117062 CEST	9000	49750	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.227494001 CEST	9000	49750	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.227550983 CEST	49750	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.227965117 CEST	49750	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.276179075 CEST	49750	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.277995110 CEST	49751	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.461302996 CEST	9000	49751	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.461440086 CEST	49751	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.461880922 CEST	49751	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.470963955 CEST	9000	49750	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.475878000 CEST	9000	49750	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.475977898 CEST	49750	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.645422935 CEST	9000	49751	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.645509005 CEST	9000	49751	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.645600080 CEST	49751	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.646003008 CEST	49751	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.671300888 CEST	49751	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.673470974 CEST	49752	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.854784012 CEST	9000	49751	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.855294943 CEST	49751	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.856440067 CEST	9000	49752	95.217.245.42	192.168.2.4
May 2, 2024 23:46:10.856637001 CEST	49752	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:10.857109070 CEST	49752	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.040080070 CEST	9000	49752	95.217.245.42	192.168.2.4
May 2, 2024 23:46:11.040304899 CEST	9000	49752	95.217.245.42	192.168.2.4
May 2, 2024 23:46:11.042673111 CEST	49752	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.043143034 CEST	49752	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.044897079 CEST	49752	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.050396919 CEST	49753	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.230057001 CEST	9000	49752	95.217.245.42	192.168.2.4
May 2, 2024 23:46:11.230350971 CEST	49752	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.252034903 CEST	9000	49753	95.217.245.42	192.168.2.4
May 2, 2024 23:46:11.252120972 CEST	49753	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.254379988 CEST	49753	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.454510927 CEST	9000	49753	95.217.245.42	192.168.2.4
May 2, 2024 23:46:11.455168962 CEST	9000	49753	95.217.245.42	192.168.2.4
May 2, 2024 23:46:11.455245018 CEST	49753	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.455940008 CEST	49753	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.457745075 CEST	49753	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:46:11.657840967 CEST	9000	49753	95.217.245.42	192.168.2.4
May 2, 2024 23:46:11.657898903 CEST	49753	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:47:19.105112076 CEST	9000	49741	95.217.245.42	192.168.2.4
May 2, 2024 23:47:19.105133057 CEST	9000	49741	95.217.245.42	192.168.2.4
May 2, 2024 23:47:19.105228901 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:47:39.575050116 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:47:39.575050116 CEST	49741	9000	192.168.2.4	95.217.245.42
May 2, 2024 23:47:39.759177923 CEST	9000	49741	95.217.245.42	192.168.2.4
May 2, 2024 23:47:39.759358883 CEST	49741	9000	192.168.2.4	95.217.245.42

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 23:45:49.608931065 CEST	58437	53	192.168.2.4	1.1.1.1
May 2, 2024 23:45:49.699968100 CEST	53	58437	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 2, 2024 23:45:49.608931065 CEST	192.168.2.4	1.1.1.1	0xe974	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 2, 2024 23:45:49.699968100 CEST	1.1.1.1	192.168.2.4	0xe974	No error (0)	steamcommunity.com		104.105.90.131	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.105.90.131	443	416	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 21:45:49 UTC	119	OUT	GET /profiles/76561199680449169 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-05-02 21:45:50 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 02 May 2024 21:45:50 GMT Content-Length: 34791 Connection: close Set-Cookie: sessionid=dc046a9770bea7bf426bc024; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C508ab5564afa3b57c72a631373801ca8; Path=/; Secure; HttpOnly; SameSite=None
2024-05-02 21:45:50 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-05-02 21:45:50 UTC	10062	IN	Data Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 73 75 70 65 72 6e 61 76 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0d 0a 09 09 09 09 09 53 55 50 50 4f 52 54 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 Data Ascii: <a class="menuitem supernav" href="https://help.steampowered.com/en/">SUPPORT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyW
2024-05-02 21:45:50 UTC	10215	IN	Data Raw: 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 6f 6d 6d 75 6e 69 74 79 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f Data Ascii: static.com\/","COMMUNITY_CDN_URL":"https:\/\/community.akamai.steamstatic.com\/","COMMUNITY_CDN_ASSET_URL":"https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/","STORE_CDN_URL":&quo

Target ID:	0
Start time:	23:45:47
Start date:	02/05/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xdf0000
File size:	386'560 bytes
MD5 hash:	1A6B4D357D1B8BAB80524E40BE1B2698
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	23:45:47
Start date:	02/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	23:45:48
Start date:	02/05/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xc60000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.2%
Total number of Nodes:	356
Total number of Limit Nodes:	11

Executed Functions

Function 00E0A031 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9395896353acccf952a291b6f0163853f95de6a84289665eef3950dd9f5b70ca
Instruction ID: da91d1eabb6a822582e5f4b153df02fa37cb451b3c8623da0eca05fd8c33c57c
Opcode Fuzzy Hash: 9395896353acccf952a291b6f0163853f95de6a84289665eef3950dd9f5b70ca
Instruction Fuzzy Hash: 35E08C33A1122CEBCB14EB98C94499BF7ECEB45B40B1555AAB501E3140C270EE40CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00E001B7 Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6c70af4465b51eee87a21b9394eca4da2bf3182d56390a37949a0b0cf79ca84
Instruction ID: 8d2388204abb709a86a4c8d0d225c212b7d472a044dc555d9d448e6ea65cc295
Opcode Fuzzy Hash: a6c70af4465b51eee87a21b9394eca4da2bf3182d56390a37949a0b0cf79ca84
Instruction Fuzzy Hash: 77C08C34002A084BCE2D891087713AA33A8B3A17C6F84248DC8C22B6C2D55E9CC2D601

Uniqueness

Uniqueness Score: -1.00%

Function 00E051FB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,411F3DC4,?,00E05308,?,?,00000000,00000000), ref: 00E052BC

Strings

api-ms-, xrefs: 00E05252
ext-ms-, xrefs: 00E05266

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 3d6eb9b5094c1fb04a86d9460a00c3eb76a3744d640ee0e25ba57fcdefe11e69
Instruction ID: 18e9d2282bd0be66a8f3a5c62ef2f36f5cfbc90bef9ef4f1031e6797db312d27
Opcode Fuzzy Hash: 3d6eb9b5094c1fb04a86d9460a00c3eb76a3744d640ee0e25ba57fcdefe11e69
Instruction Fuzzy Hash: 9D21C372A01611EBDB219BA2AC44AAB77B89F45764F245120E956B72E0D630ED84CED0

Uniqueness

Uniqueness Score: -1.00%

Function 00DF1379 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strcspn.LIBCMT ref: 00DF1400
_strcspn.LIBCMT ref: 00DF1424

Strings

3, xrefs: 00DF13DF
3, xrefs: 00DF13D5

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: _strcspn
String ID: 3$3
API String ID: 3709121408-502459628
Opcode ID: 5f66839811bb7e8a93d5fa208eff2cdec2cead70436ca92c076d9500cc8dadf7
Instruction ID: 459bf7e5e2d3f68a1d3489b07d4af29496f5dce87bb42441ae1d6210ad929755
Opcode Fuzzy Hash: 5f66839811bb7e8a93d5fa208eff2cdec2cead70436ca92c076d9500cc8dadf7
Instruction Fuzzy Hash: FEB14775508388EFD724DF24C884A7BBBE9EF89300F55881DFA9987261D730E945CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00E00143 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,00E0013D,00000000,00DFA722,?,?,411F3DC4,00DFA722,?), ref: 00E00154
TerminateProcess.KERNEL32(00000000,?,00E0013D,00000000,00DFA722,?,?,411F3DC4,00DFA722,?), ref: 00E0015B
ExitProcess.KERNEL32 ref: 00E0016D

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 5bd4074ddea3d4486d3e19e3eec6141a41911f5a9cf980c949948da156e020fe
Instruction ID: ab2002901d61860fff753d8f50db35e59b8070745bba9b080b6d16f02ff3ee6c
Opcode Fuzzy Hash: 5bd4074ddea3d4486d3e19e3eec6141a41911f5a9cf980c949948da156e020fe
Instruction Fuzzy Hash: 23D09E31001104BFCF016F71DC0DA8D3FA6AF44741B049010B949760B1CB759F99DA50

Uniqueness

Uniqueness Score: -1.00%

Function 00E07965 Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00E070AF: GetConsoleOutputCP.KERNEL32(411F3DC4,00000000,00000000,00000000), ref: 00E07112

WriteFile.KERNEL32(?,00000000,?,00E1C4A0,00000000,0000000C,00000000,00000000,?,00000000,00E1C4A0,00000010,00DFEA3D,00000000,00000000,00000000), ref: 00E07ACE
GetLastError.KERNEL32(?,00000000), ref: 00E07AD8

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: b9a2c2eb3837a734dad9610f0e1470d669b297adcca5e12d2348b5e86206686f
Instruction ID: c164b485933299b7b5dee7f5bc658b4c6241f39e2c90a0092368db5d5778a23d
Opcode Fuzzy Hash: b9a2c2eb3837a734dad9610f0e1470d669b297adcca5e12d2348b5e86206686f
Instruction Fuzzy Hash: C7618471D08149AEDF11CFA8C844EEEBFB9AF49308F145085F894B7292D375EA85CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00DF53C9 Relevance: 3.1, APIs: 2, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Fputc.LIBCPMT ref: 00DF54A2

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: Fputc
String ID:
API String ID: 3078413507-0
Opcode ID: ae0adc6ada1182ee360160957bd75155fa32d1f9584e3e0e3fe0f7a71f3701c5
Instruction ID: ccba64b69c24c085fa17749cde6e6899f76029f050688d0ab39bb061004b1e8d
Opcode Fuzzy Hash: ae0adc6ada1182ee360160957bd75155fa32d1f9584e3e0e3fe0f7a71f3701c5
Instruction Fuzzy Hash: 18415F3690051EABCB15DF64E4808FEB7B9FF09351B198016EB41A7654EB31EA84CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00E07567 Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,00E07AB4,00000000,00000000,00000000,?,0000000C,00000000), ref: 00E07603
GetLastError.KERNEL32(?,00E07AB4,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,00E1C4A0,00000010,00DFEA3D,00000000,00000000), ref: 00E07629

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 75bc9ab0e3bded2d5bb2c2daf30a6d2d1b838db7042e8e75b61745bcc50e2035
Instruction ID: efe7a51e7c9b8085f12d60bc9ee1d359b68e1e09628f9b7aaf45879a33a9ee8d
Opcode Fuzzy Hash: 75bc9ab0e3bded2d5bb2c2daf30a6d2d1b838db7042e8e75b61745bcc50e2035
Instruction Fuzzy Hash: 59217675A041199FCF19CF29DC809DDB7B5EB4D305F1440A9E946E7291D630EE86CF60

Uniqueness

Uniqueness Score: -1.00%

Function 00E04EE6 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00E04F32
GetFileType.KERNELBASE(00000000), ref: 00E04F44

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 10dd5834380c68605d05535cffac8bfc1223f7b36c8223ac2c123f0d13444e03
Instruction ID: 4da2c8f577e1e24c71bb138ef374ca564f44d5649d020e5c65a444d74625547c
Opcode Fuzzy Hash: 10dd5834380c68605d05535cffac8bfc1223f7b36c8223ac2c123f0d13444e03
Instruction Fuzzy Hash: 2211E9F17047534AC7304E3E8E886627A94AB96375B38371EE6B6B71F1C330D9C69240

Uniqueness

Uniqueness Score: -1.00%

Function 00DF3D0A Relevance: 3.0, APIs: 2, Instructions: 31
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00E4EC40,000004AC,00000040,00000000), ref: 00DF3D26
FreeConsole.KERNELBASE ref: 00DF3D2C

Part of subcall function 00DF3062: OpenIcon.USER32(00000000), ref: 00DF307C

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ConsoleFreeIconOpenProtectVirtual
String ID:
API String ID: 3161549936-0
Opcode ID: b1088b49685a9e7a44f5bcab019f1e41181d23017959a9a52db834d8439f9687
Instruction ID: 66a49d2a7fb5e0a030aaa287413228bcf48f91a2e82d1624f9d03ed111825c9a
Opcode Fuzzy Hash: b1088b49685a9e7a44f5bcab019f1e41181d23017959a9a52db834d8439f9687
Instruction Fuzzy Hash: 75E06D729012147BD710AA63EC0BFCF2A6DDBC2721F158035F604B6141DA299F0583B9

Uniqueness

Uniqueness Score: -1.00%

Function 00E052C6 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dcd785e13a4bfda32c678bea162ceb2586999b29b7126bba2403c4a4dbf67da
Instruction ID: a8d237fee60698c606ce1b762644909025f9a3df0dbe1beeba952134cd1d1516
Opcode Fuzzy Hash: 1dcd785e13a4bfda32c678bea162ceb2586999b29b7126bba2403c4a4dbf67da
Instruction Fuzzy Hash: 7401F5336049255FDF12DE6EEC40AAB3397EBC93647148121F904FB1D8DA34DC818B90

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00E0C3CE Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E02A50: GetLastError.KERNEL32(?,00000008,00E087AF,00000000,00DFA8A0), ref: 00E02A54
Part of subcall function 00E02A50: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 00E02AF6

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00E0C4DA
IsValidCodePage.KERNEL32(00000000), ref: 00E0C523
IsValidLocale.KERNEL32(?,00000001), ref: 00E0C532
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00E0C57A
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00E0C599

Strings

u, xrefs: 00E0C487

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID: u
API String ID: 415426439-1134419696
Opcode ID: 69dc125163c2f50c74c6b757c3773d4d7cd0f39102b910a023d3e690c9296bdb
Instruction ID: 0251d374680c28f7858030c1b919af0f986dba3d6cf5a1046b8acf5fbd4c1842
Opcode Fuzzy Hash: 69dc125163c2f50c74c6b757c3773d4d7cd0f39102b910a023d3e690c9296bdb
Instruction Fuzzy Hash: 28516E71A00215AFDB20DFA5CC55AFAB7F8FF08704F259569E520F71D0EB709A848B61

Uniqueness

Uniqueness Score: -1.00%

Function 00E0CD80 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00E0CF64

Strings

1#QNAN, xrefs: 00E0CE93
1#INF, xrefs: 00E0CEB6
1#IND, xrefs: 00E0CE85
1#SNAN, xrefs: 00E0CE8C

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: bd12d19e289ad96612f38902971b958410dc714a858d386b75df0f0bffa602ed
Instruction ID: 53daa6106bcc138ed0f1658067ab240c3d921aafe906049c0c012b6c7d61912a
Opcode Fuzzy Hash: bd12d19e289ad96612f38902971b958410dc714a858d386b75df0f0bffa602ed
Instruction Fuzzy Hash: 21D21672E082298FDB65CE68DD407EAB7B5EB44304F1455EAD44DF7280EB78AE818F41

Uniqueness

Uniqueness Score: -1.00%

Function 00E0C1F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00E0C517,00000002,00000000,?,?,?,00E0C517,?,00000000), ref: 00E0C292
GetLocaleInfoW.KERNEL32(?,20001004,00E0C517,00000002,00000000,?,?,?,00E0C517,?,00000000), ref: 00E0C2BB
GetACP.KERNEL32(?,?,00E0C517,?,00000000), ref: 00E0C2D0

Strings

ACP, xrefs: 00E0C217
OCP, xrefs: 00E0C24D

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 612949bbdfc42401fbab58257b8d3d39614b835a55dab8da9b48975681441c0e
Instruction ID: 36d133332ac39b11b08452e277dac106c221794923fb88596b075e6058033afc
Opcode Fuzzy Hash: 612949bbdfc42401fbab58257b8d3d39614b835a55dab8da9b48975681441c0e
Instruction Fuzzy Hash: 0221C432700500EBDB308FD4C905AD772A6EF54B58B76A624E90AF79A4E732DEC0C350

Uniqueness

Uniqueness Score: -1.00%

Function 00DFEEF0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 449COMMONLIBRARYCODE

Download Yara Rule

Strings

,, xrefs: 00DFF233, 00DFF211
,, xrefs: 00DFEF0B, 00DFF08E, 00DFF2B7, 00DFF250, 00DFF0DD

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ,$,
API String ID: 0-3228553458
Opcode ID: b918ce5ba07d05ff1d573fb676ebfcada0811aa90aede51354a3873ecbe237d1
Instruction ID: 7b0901db76901d6128612028f731fcdd5abecddc0cca0ce2b5124b1e5873c17c
Opcode Fuzzy Hash: b918ce5ba07d05ff1d573fb676ebfcada0811aa90aede51354a3873ecbe237d1
Instruction Fuzzy Hash: C6F11C75E002199BDF14CFA8D880AADB7F1FF88314F1A8269E915EB391D7309E41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00E03F4F Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00E03FDC

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 3b77efa88b360e3b2f44fc598f2baa6fe67a69f1edf31522626998ca8dd4c5a1
Instruction ID: a4e0b28aa4e9998eaf8a0c43052738f609331c45a0e83bec043c2e2d39df268f
Opcode Fuzzy Hash: 3b77efa88b360e3b2f44fc598f2baa6fe67a69f1edf31522626998ca8dd4c5a1
Instruction Fuzzy Hash: 39B187F2A042469FDB11CF68C981BFEBBE5EF55344F14916AEA00BB2C1C2349D81C760

Uniqueness

Uniqueness Score: -1.00%

Function 00E08F67 Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00E09057
FindNextFileW.KERNEL32(00000000,?), ref: 00E0914B
FindClose.KERNEL32(00000000), ref: 00E0918A
FindClose.KERNEL32(00000000), ref: 00E091BD

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 1497ca2fb991645f00d12260989bd5033bb80e3b8deca8af45b6e31979c941da
Instruction ID: 750302268617b101b481f24bbba63ea9a7a11da649aa5a9971c76b508ee03f22
Opcode Fuzzy Hash: 1497ca2fb991645f00d12260989bd5033bb80e3b8deca8af45b6e31979c941da
Instruction Fuzzy Hash: 2B71B371A0615D6FDF20AF34CD89AAABBB9AF45304F1451D9E088B7292DA318EC58F10

Uniqueness

Uniqueness Score: -1.00%

Function 00DF69EF Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00DF69FB
IsDebuggerPresent.KERNEL32 ref: 00DF6AC7
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00DF6AE0
UnhandledExceptionFilter.KERNEL32(?), ref: 00DF6AEA

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: fcd48aed4991892b7e51a72cf5b47715b006158df29f0b02d88b15bb661a5a87
Instruction ID: fff2875f60f8146b2ace189ef81d44411a082321a007f073af1fa37d2d09dbd4
Opcode Fuzzy Hash: fcd48aed4991892b7e51a72cf5b47715b006158df29f0b02d88b15bb661a5a87
Instruction Fuzzy Hash: C931F675D0521C9BDF20DFA5D949BCDBBB8EF08300F1081AAE50CAB250EB719B858F55

Uniqueness

Uniqueness Score: -1.00%

Function 00E0BE7D Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00E02A50: GetLastError.KERNEL32(?,00000008,00E087AF,00000000,00DFA8A0), ref: 00E02A54
Part of subcall function 00E02A50: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 00E02AF6

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00E0BED1
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00E0BF1B
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00E0BFE1

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 96ecbe1a9c4f68ed0057c9a556ec9818586d9f0218bcdd2f4c34bf689af052b1
Instruction ID: bbb133cdfefc59f29f48c736fb133fcf460c4d28e37fa89236379fc8a132c02e
Opcode Fuzzy Hash: 96ecbe1a9c4f68ed0057c9a556ec9818586d9f0218bcdd2f4c34bf689af052b1
Instruction Fuzzy Hash: 04617C71610217DFDB289F24CD82BAAB3E8FF04304F20526AE919E66C5EB74D9D1DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00DFA723 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00DFA81B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00DFA825
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00DFA832

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 15f1b3259e2af54294a15b06e1dacd3329235576baf763b49ffed6fe7bfdc266
Instruction ID: 3eb4e84c55bb34fbc421436094260971afaf990d29e2f83e27b6114d841284d3
Opcode Fuzzy Hash: 15f1b3259e2af54294a15b06e1dacd3329235576baf763b49ffed6fe7bfdc266
Instruction Fuzzy Hash: A931D37490122C9BCB21DF28D888BDCBBB8BF08710F5081EAE91CA6251E7709F858F55

Uniqueness

Uniqueness Score: -1.00%

Function 00E39BC7 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 761COMMONLIBRARYCODE

Download Yara Rule

APIs

__invoke_watson.LIBCMT ref: 00E39C9F

Part of subcall function 00E363C8: __call_reportfault.LIBCMT ref: 00E363D5

Strings

T, xrefs: 00E39D70

Memory Dump Source

Source File: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: __call_reportfault__invoke_watson
String ID: T
API String ID: 3340580077-3187964512
Opcode ID: db0833b12c69802265dfdc8630987a7878d7349af451cae304aaa84fa9003980
Instruction ID: 97887c016a09c10ac7c81ef14e3b108cd5166d5ff223e70ecee15bc8769d35c8
Opcode Fuzzy Hash: db0833b12c69802265dfdc8630987a7878d7349af451cae304aaa84fa9003980
Instruction Fuzzy Hash: 57529072E0025A8BDF24CFA8C4492FEBBF1FF54304F58916AD856BB281D7758985CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00E03663 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E0365E,?,?,00000008,?,?,00E11615,00000000), ref: 00E03890

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 9877000579959423b04e1c77325214697be1c2c74515fd3b2ee72d6fa02f1f19
Instruction ID: dc565a5f4478d6aea2023dc3b41d91e83036362cdb3eeb7fccbe0f8bca7846bd
Opcode Fuzzy Hash: 9877000579959423b04e1c77325214697be1c2c74515fd3b2ee72d6fa02f1f19
Instruction Fuzzy Hash: 49B16D75210608DFD718CF28C486BA57BE4FF45368F298659E89ADF2E1C335EA81CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00DF64CC Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00DF64E2

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: b65fc764f9d52e0970d8f9245db8ff087dc421566585e5a5c000fdf201f45e71
Instruction ID: 74d0d1dfd09cd50b26f0fdcc20a8359e6651b29e7bbffc88060725d2c03ac705
Opcode Fuzzy Hash: b65fc764f9d52e0970d8f9245db8ff087dc421566585e5a5c000fdf201f45e71
Instruction Fuzzy Hash: B5518BB1A042198FEB18CF66D8817AABBF4FB48304F19C56AD905FB764D374E904CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00DFBE7D Relevance: 1.6, Strings: 1, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00DFC00B

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 3e98ae3bbc55c30ebb002bb0704edd081b4a0e27a49a86bdbfd88f078f8e8f8a
Instruction ID: 5257fe5433e373013bcfe4272d92434f6c60ee2dcd0ba7e6b9d7b3287d5baa3e
Opcode Fuzzy Hash: 3e98ae3bbc55c30ebb002bb0704edd081b4a0e27a49a86bdbfd88f078f8e8f8a
Instruction Fuzzy Hash: 10C1E27051064E8FCB24CF28C9906BAB7A1EF05324F1AD61AE78697392C731ED56CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00E0C0D0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00E02A50: GetLastError.KERNEL32(?,00000008,00E087AF,00000000,00DFA8A0), ref: 00E02A54
Part of subcall function 00E02A50: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 00E02AF6

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00E0C124

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: f26784fc99b6546478a425f031e400f42d703d2112456e6911d3a21d933641c4
Instruction ID: cbd736f5877eb9209fbe75abdf7b27625e60d062b6d8294c36616225de5cd54d
Opcode Fuzzy Hash: f26784fc99b6546478a425f031e400f42d703d2112456e6911d3a21d933641c4
Instruction Fuzzy Hash: 12219532615116ABDB289B25DC41ABA73F8EF44314F20627AF906F6182EB34DD859B50

Uniqueness

Uniqueness Score: -1.00%

Function 00E0BD57 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E02A50: GetLastError.KERNEL32(?,00000008,00E087AF,00000000,00DFA8A0), ref: 00E02A54
Part of subcall function 00E02A50: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 00E02AF6

EnumSystemLocalesW.KERNEL32(00E0BE7D,00000001,00000000,?,-00000050,?,00E0C4AE,00000000,?,?,?,00000055,?), ref: 00E0BDC9

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 57a4ed1f28ff1f7e5e978326ba6c05eba9b261553fd980ddac31fe4b62939c6b
Instruction ID: e3a3709c9c5b1f5e92ed3060e8b7da80a3bd43cde899f54069de5df095b6de3d
Opcode Fuzzy Hash: 57a4ed1f28ff1f7e5e978326ba6c05eba9b261553fd980ddac31fe4b62939c6b
Instruction Fuzzy Hash: 49110C372007059FDB189F39C8A16BAB791FF84358B18443DE94797680D771B983C740

Uniqueness

Uniqueness Score: -1.00%

Function 00E0C2FF Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00E02A50: GetLastError.KERNEL32(?,00000008,00E087AF,00000000,00DFA8A0), ref: 00E02A54
Part of subcall function 00E02A50: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 00E02AF6

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00E0C099,00000000,00000000,?), ref: 00E0C32B

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 3a2bffe20b56e1b75ae1c57ece5d893051e107df37892a47ad634479aa811e14
Instruction ID: 4797f852ec2b7b80ae952541702de13f5ee7416511d33683a3f07742f44fc564
Opcode Fuzzy Hash: 3a2bffe20b56e1b75ae1c57ece5d893051e107df37892a47ad634479aa811e14
Instruction Fuzzy Hash: C4F0A932A10216ABDB245B25C8457FB77A8FB40B58F25D568ED06B31C0DA78FD81C690

Uniqueness

Uniqueness Score: -1.00%

Function 00E0BDF2 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E02A50: GetLastError.KERNEL32(?,00000008,00E087AF,00000000,00DFA8A0), ref: 00E02A54
Part of subcall function 00E02A50: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 00E02AF6

EnumSystemLocalesW.KERNEL32(00E0C0D0,00000001,?,?,-00000050,?,00E0C472,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00E0BE3C

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: f615101278dff022e5e6f66f1bf7a80bdf5fe5381aafc305bb82fd0171702451
Instruction ID: 24911b872b214e0a26b7da104053ff785bde9c3fc5c25304b6336567c66418ca
Opcode Fuzzy Hash: f615101278dff022e5e6f66f1bf7a80bdf5fe5381aafc305bb82fd0171702451
Instruction Fuzzy Hash: D1F0C2363003085FDB249F35D885AAB7BD1FB8076CF15842DFA466B6C0C7B19C82C650

Uniqueness

Uniqueness Score: -1.00%

Function 00E05032 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00DFCD14: EnterCriticalSection.KERNEL32(?,?,00E02728,?,00E1C360,00000008,00E028EC,?,?,?), ref: 00DFCD23

EnumSystemLocalesW.KERNEL32(Function_00015025,00000001,00E1C420,0000000C,00E05454,?), ref: 00E0506A

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 7b18bbcf628f5b1a9d1f0a307590954e277edd7c6becd8f8ef1647a044fefbb7
Instruction ID: 88b30838fcf7cfdb97956ee4daf1b5f405196877af957bac19487197d1324a64
Opcode Fuzzy Hash: 7b18bbcf628f5b1a9d1f0a307590954e277edd7c6becd8f8ef1647a044fefbb7
Instruction Fuzzy Hash: 2DF03772A10208AFD700DF99E842BAD7BE0FB48720F10852AF910AB2E0CB7549448FA0

Uniqueness

Uniqueness Score: -1.00%

Function 00E0BD0C Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E02A50: GetLastError.KERNEL32(?,00000008,00E087AF,00000000,00DFA8A0), ref: 00E02A54
Part of subcall function 00E02A50: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 00E02AF6

EnumSystemLocalesW.KERNEL32(00E0BC65,00000001,?,?,?,00E0C4D0,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00E0BD43

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 5917dfc56728a904fff9d8c16b84b9bf9beb03a0995cd9f883c54c373a6c452c
Instruction ID: 089fa21bf724006d0c43c503e854d5899a2417a252daa71643c16aef39e335ab
Opcode Fuzzy Hash: 5917dfc56728a904fff9d8c16b84b9bf9beb03a0995cd9f883c54c373a6c452c
Instruction Fuzzy Hash: 96F0E53630020957CB149F36D845B6BBF94FFC1764F068059EA0A9B290CB719982C790

Uniqueness

Uniqueness Score: -1.00%

Function 00E05558 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00E0165C,?,20001004,00000000,00000002,?,?,00E00C5E), ref: 00E0558C

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 56326fa8c119077ccf6113fc4a0db7e2af94559ebfbb30a543282e9ba2c2525d
Instruction ID: 690eec5d68c69cb815ba8b453e267cecf4085f8584741722eb8f6616d08a12f1
Opcode Fuzzy Hash: 56326fa8c119077ccf6113fc4a0db7e2af94559ebfbb30a543282e9ba2c2525d
Instruction Fuzzy Hash: 3CE01A36501A28BBCF122F61EC04AEE7A56EB44750F019010F905761A0CB728E61AF94

Uniqueness

Uniqueness Score: -1.00%

Function 00DF6B4B Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00006B57,00DF60AA), ref: 00DF6B50

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 4a13748425c3a68286b22d1c284bfaa9aec0f2460ff54db9d093a08236d57584
Instruction ID: e8b41997cca9a1c0fc19cbb12510244c1fc35ff1eae59f2b46ea79b9bc5007ef
Opcode Fuzzy Hash: 4a13748425c3a68286b22d1c284bfaa9aec0f2460ff54db9d093a08236d57584
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00E0C630 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00E0C630

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 0360a6a14b2c3e47440f4bc5e3359fcec91269fea75db3b592961110701527fd
Instruction ID: 9803bb230364abc14702bab09aa375391c2b2a61cd9b964454b0aec47eb36683
Opcode Fuzzy Hash: 0360a6a14b2c3e47440f4bc5e3359fcec91269fea75db3b592961110701527fd
Instruction Fuzzy Hash: 16A011302022028F8B008F33AA082883AE8AB0A380302C028A800E0220EA3088088A02

Uniqueness

Uniqueness Score: -1.00%

Function 00E34113 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00DF9638 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00DF9757
___TypeMatch.LIBVCRUNTIME ref: 00DF9865
_UnwindNestedFrames.LIBCMT ref: 00DF99B7
CallUnexpected.LIBVCRUNTIME ref: 00DF99D2

Strings

csm, xrefs: 00DF96E2
csm, xrefs: 00DF9675
csm, xrefs: 00DF978E
B, xrefs: 00DF974E

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: B$csm$csm$csm
API String ID: 2751267872-34337245
Opcode ID: 4e5bc32dcf268b624bde51f8507a57dbea9c601738985ebb707f24e6bf80def6
Instruction ID: b9a06d032c5e7e9cefe811dc576d7c23f207e97f75288dc4113b3a0a2ad68513
Opcode Fuzzy Hash: 4e5bc32dcf268b624bde51f8507a57dbea9c601738985ebb707f24e6bf80def6
Instruction Fuzzy Hash: 93B11771C0020DAFCF15DFA8C891ABEBBB5EF04310B1A815AEA156B216D771DA51CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 00E104DA Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00E10580
__alloca_probe_16.LIBCMT ref: 00E1063B
__alloca_probe_16.LIBCMT ref: 00E106CA
__freea.LIBCMT ref: 00E10715
__freea.LIBCMT ref: 00E1071B
__freea.LIBCMT ref: 00E10751
__freea.LIBCMT ref: 00E10757
__freea.LIBCMT ref: 00E10767

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 723879244932a5d1b35ea526c2f485554e336c2fa7adef885f010befd001dce4
Instruction ID: 859caaebb9139f570918f91531a444c57b9e0e74ce47212482bcec7ad062a82f
Opcode Fuzzy Hash: 723879244932a5d1b35ea526c2f485554e336c2fa7adef885f010befd001dce4
Instruction Fuzzy Hash: A971E572900209ABDF30AE548D41BEE77FADF49354F292016E955B72C1DAB5DDC08F60

Uniqueness

Uniqueness Score: -1.00%

Function 00E0EDFD Relevance: 9.3, APIs: 6, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33b20a096b6be195b352a956418341ecdc9cdd166abe0cf9343a3f48e7793b7a
Instruction ID: ec5be7b1865f670781b8ab97f7ce85ac60c777ddc22c08dbb25887ded51b35d0
Opcode Fuzzy Hash: 33b20a096b6be195b352a956418341ecdc9cdd166abe0cf9343a3f48e7793b7a
Instruction Fuzzy Hash: 64B1F4B0A04249AFDB21DFA9C840BAE7BF2EF45304F149569E514BB3D2C7709991CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00DF4844 Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF484B
std::_Lockit::_Lockit.LIBCPMT ref: 00DF4855
int.LIBCPMT ref: 00DF486C

Part of subcall function 00DF21B2: std::_Lockit::_Lockit.LIBCPMT ref: 00DF21C3
Part of subcall function 00DF21B2: std::_Lockit::~_Lockit.LIBCPMT ref: 00DF21DD

codecvt.LIBCPMT ref: 00DF488F
std::_Facet_Register.LIBCPMT ref: 00DF48A6
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF48C6

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: c11f700adbe6dac454fb032d6a945d5cd048de9e1f4ac594f343f50863e13dad
Instruction ID: 416ee8bf62733b3f04d613ef3ec6e6f2db5fe9b20a1fd4c00ef96aeb43a7d637
Opcode Fuzzy Hash: c11f700adbe6dac454fb032d6a945d5cd048de9e1f4ac594f343f50863e13dad
Instruction Fuzzy Hash: 7511D2719002189BCB10AFA4D8027BEB7B4FF84310F168509FB01A7381DFB09E4587B1

Uniqueness

Uniqueness Score: -1.00%

Function 00DF92CA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00DF92C1,00DF79F7,00DF6B9B), ref: 00DF92D8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00DF92E6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00DF92FF
SetLastError.KERNEL32(00000000,00DF92C1,00DF79F7,00DF6B9B), ref: 00DF9351

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 2a121ed381f7b7556fd1583938f81b11694d586441228ea2344caae3b1c17257
Instruction ID: c80361e6ea865cfeefdd7b0e4ff41c5d547d66f709798ca78a054c504b35371c
Opcode Fuzzy Hash: 2a121ed381f7b7556fd1583938f81b11694d586441228ea2344caae3b1c17257
Instruction Fuzzy Hash: 1A01283290C33A6EA6142E797CA57B767C6FB0633473AC229F718610E0EF518C059171

Uniqueness

Uniqueness Score: -1.00%

Function 00E001D9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,411F3DC4,?,?,00000000,00E120E7,000000FF,?,00E00169,?,?,00E0013D,00000000), ref: 00E0020E
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E00220
FreeLibrary.KERNEL32(00000000,?,00000000,00E120E7,000000FF,?,00E00169,?,?,00E0013D,00000000), ref: 00E00242

Strings

CorExitProcess, xrefs: 00E00218
mscoree.dll, xrefs: 00E00207

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 3c975b7fd1e8c9581d30005d4eb1bea844e07da32360f839e94a2dc1ae215d14
Instruction ID: 1d46677bc1219a1755cc61e1c56290128cbfc55bca6805f57014bf42eeb853f8
Opcode Fuzzy Hash: 3c975b7fd1e8c9581d30005d4eb1bea844e07da32360f839e94a2dc1ae215d14
Instruction Fuzzy Hash: F401D631A54615EFCB118F61DC09FEEBBB9FB08B14F004629F816B22E0DB759A44CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00E061FA Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00E06281
__alloca_probe_16.LIBCMT ref: 00E06342
__freea.LIBCMT ref: 00E063A9

Part of subcall function 00E03D40: HeapAlloc.KERNEL32(00000000,0100FB58,00000000,?,00DF5EDB,0100FB58,?,00DF26AE,00000044,00000000,0100FB58), ref: 00E03D72

__freea.LIBCMT ref: 00E063BE
__freea.LIBCMT ref: 00E063CE

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 9bb70b201f969daa7a75664be79b78d91d81f3296e29ab31399ca4d1003bae6f
Instruction ID: 7fe9aada1f31ba85d247728e5fd670bd599ae9afbf4c26b88d9155874a2171f4
Opcode Fuzzy Hash: 9bb70b201f969daa7a75664be79b78d91d81f3296e29ab31399ca4d1003bae6f
Instruction Fuzzy Hash: E551B572600216AFEF215F64DC81FBB76A9EF84718B155129FD05F6190EB35DCA087A0

Uniqueness

Uniqueness Score: -1.00%

Function 00DF414C Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00DF4153
std::_Lockit::_Lockit.LIBCPMT ref: 00DF415E
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF41CC

Part of subcall function 00DF42AF: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00DF42C7

std::locale::_Setgloballocale.LIBCPMT ref: 00DF4179
_Yarn.LIBCPMT ref: 00DF418F

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: fb56511164b04bad74e3484be8a47f3b1e80c9b3a0ba76c96256bae6e26bdcb8
Instruction ID: 06df684cb6fad97b49391527c8842295cee6cd6d78f0cdbb69db713687ce7f58
Opcode Fuzzy Hash: fb56511164b04bad74e3484be8a47f3b1e80c9b3a0ba76c96256bae6e26bdcb8
Instruction Fuzzy Hash: 17019A75A012199FDB05EF21D8455BDBBA2FF88740B1A8049FB0167381CF74AE86CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 00E37071 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00E3707D

Part of subcall function 00E37254: __getptd_noexit.LIBCMT ref: 00E37257
Part of subcall function 00E37254: __amsg_exit.LIBCMT ref: 00E37264

__getptd.LIBCMT ref: 00E37094
__amsg_exit.LIBCMT ref: 00E370A2
__lock.LIBCMT ref: 00E370B2
__updatetlocinfoEx_nolock.LIBCMT ref: 00E370C6

Memory Dump Source

Source File: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: ab500465c7949d66768cd5fa76516c7e20d4d04377781581de3136c8911f917d
Instruction ID: cbce062d3744522ce751448295f6cd94451abb8884bcc89e689c2d0785e02269
Opcode Fuzzy Hash: ab500465c7949d66768cd5fa76516c7e20d4d04377781581de3136c8911f917d
Instruction Fuzzy Hash: 20F0F6B294C3109BDB39BB74580F70E7FE0AF00724F10A149F490772D2CB648900CE96

Uniqueness

Uniqueness Score: -1.00%

Function 00E07D95 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 173COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E07F2D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E07F40

Strings

k}, xrefs: 00E07E36
k}, xrefs: 00E07E14

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: k}$k}
API String ID: 885266447-797415695
Opcode ID: 0c9e0d75a200186586f77d0d23e0fd87d27013742f67cc7a8092472e74dded81
Instruction ID: 68d44f66324efd325b0615830201fb2facd3cc8650057777210b0b300f098f59
Opcode Fuzzy Hash: 0c9e0d75a200186586f77d0d23e0fd87d27013742f67cc7a8092472e74dded81
Instruction Fuzzy Hash: 7B517C71E04149AFCF14CF98C881EEEBBB2EF89354F149499E895A7391D731AD82CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00DFA412 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00DFA3C3,00000000,00000000,?,?,?,?,00DFA4ED,00000002,FlsGetValue,00E14CC8,FlsGetValue), ref: 00DFA41F
GetLastError.KERNEL32(?,00DFA3C3,00000000,00000000,?,?,?,?,00DFA4ED,00000002,FlsGetValue,00E14CC8,FlsGetValue,00000000,?,00DF937D), ref: 00DFA429
LoadLibraryExW.KERNEL32(?,00000000,00000000,00E14CC8,FlsGetValue,00000000,?,00DF937D), ref: 00DFA451

Strings

api-ms-, xrefs: 00DFA436

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: a8bc55168f8262968498fe61efd89ccae77c42c2c46d767c31a7b319faa9a3f7
Instruction ID: 008e74a0c1d8a49c942a7509fb0be9bbb9adfaacf351af922062fa8f3b748e50
Opcode Fuzzy Hash: a8bc55168f8262968498fe61efd89ccae77c42c2c46d767c31a7b319faa9a3f7
Instruction Fuzzy Hash: DFE01A74680208BFEF105F71EC0ABA83F95AB04B90F14C020FA0CF80E1E7A2D9559595

Uniqueness

Uniqueness Score: -1.00%

Function 00E070AF Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(411F3DC4,00000000,00000000,00000000), ref: 00E07112

Part of subcall function 00E08857: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00E0639F,?,00000000,-00000008), ref: 00E08903

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00E0736D
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00E073B5
GetLastError.KERNEL32 ref: 00E07458

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 2b60568440d6c8ebad06cc027cb1b1804c9e1cb57f1a25e44e40f7425a52b41c
Instruction ID: c1aeb46bf1532d50609df3c79928ec2f7621c1b24fe7d28b0a285365337e9bcf
Opcode Fuzzy Hash: 2b60568440d6c8ebad06cc027cb1b1804c9e1cb57f1a25e44e40f7425a52b41c
Instruction Fuzzy Hash: A0D159B5D082599FCB15CFA8D8809EDBBB4FF48304F18856AE8A5F7391D730A985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00DF93E1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00DF94A8
___AdjustPointer.LIBCMT ref: 00DF94CB
___AdjustPointer.LIBCMT ref: 00DF9567

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: d8d0ceab6eb5424fdd2b9df59b0fdd5929c4746d58afbf344bdcfeb3d811b83b
Instruction ID: 7a67c4bff8fb59b4d574fc2a4900dd612fb0a9bb42a6060ab2d23a92fdfdfbde
Opcode Fuzzy Hash: d8d0ceab6eb5424fdd2b9df59b0fdd5929c4746d58afbf344bdcfeb3d811b83b
Instruction Fuzzy Hash: EA51D371A0020AAFDB258F14D861BBAF7A4EF14314F1AC429EB5547291E731ED81CB70

Uniqueness

Uniqueness Score: -1.00%

Function 00E08C73 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00E08857: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00E0639F,?,00000000,-00000008), ref: 00E08903

GetLastError.KERNEL32 ref: 00E08CD7
__dosmaperr.LIBCMT ref: 00E08CDE
GetLastError.KERNEL32(?,?,?,?), ref: 00E08D18
__dosmaperr.LIBCMT ref: 00E08D1F

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 47e618d8dc56aa6283281ddb2cffcaaf5173f2ffdef5d13bcf0870047d544827
Instruction ID: a534fbbf3183b19b1b8ae92e43ebc1f70ca74ea4e663390550c923807b7b6dc9
Opcode Fuzzy Hash: 47e618d8dc56aa6283281ddb2cffcaaf5173f2ffdef5d13bcf0870047d544827
Instruction Fuzzy Hash: 6C21F831200609AFDB10AF75D98196BB7AEEF24368711D918F999A72D1DF30EC8087B0

Uniqueness

Uniqueness Score: -1.00%

Function 00DFF51B Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92f15926c9f9d4bbd7c3ebf652f57b42e62a0527f84d39f114e16f7ef4c5a952
Instruction ID: eddf130a6e1975e8b4ebd67eb6d1ad810e76bad51c0e65e9ad3f9d0625776863
Opcode Fuzzy Hash: 92f15926c9f9d4bbd7c3ebf652f57b42e62a0527f84d39f114e16f7ef4c5a952
Instruction Fuzzy Hash: 89219A3220424DAF9B20AF71D88087A77AAEF14364716C939FA69DB751DB31ED5087B0

Uniqueness

Uniqueness Score: -1.00%

Function 00E09C09 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00E09C11

Part of subcall function 00E08857: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00E0639F,?,00000000,-00000008), ref: 00E08903

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E09C49
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E09C69

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: cac4e923821cf09014b78a917140f5aadae2cd89de3e7ed40f21450f767d02ac
Instruction ID: 5c728f5704ea8a103c8f05b0c3668238198e97a5660c1b8b35e31a460c331bd3
Opcode Fuzzy Hash: cac4e923821cf09014b78a917140f5aadae2cd89de3e7ed40f21450f767d02ac
Instruction Fuzzy Hash: A611C4B1A016157FF7212FB29DCDCEFA9DCDE453983205415F401B1183FA20CE814171

Uniqueness

Uniqueness Score: -1.00%

Function 00E35F61 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00E35F87

Part of subcall function 00E35DB3: __fltout2.LIBCMT ref: 00E35DDE

__cftog_l.LIBCMT ref: 00E35FAD
__cftoe_l.LIBCMT ref: 00E35FDF

Memory Dump Source

Source File: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: e8273db136a27556a9b84921e9adc41f8b68b734e6a2436ba4959bb0c665d011
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: B6113D3310498AFBCF125E84CC49CEE3F62BF58358F599415FA5869221D736C9B1EB81

Uniqueness

Uniqueness Score: -1.00%

Function 00DF19D7 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00DF19E3
int.LIBCPMT ref: 00DF19F6

Part of subcall function 00DF21B2: std::_Lockit::_Lockit.LIBCPMT ref: 00DF21C3
Part of subcall function 00DF21B2: std::_Lockit::~_Lockit.LIBCPMT ref: 00DF21DD

std::_Facet_Register.LIBCPMT ref: 00DF1A29
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF1A3F

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: ecdc980039f567038f86812bf2472d19b41a780e27de50b41b0898775d4504dc
Instruction ID: 7279c12f0d29c6e4151e9f2e512313de26a07b8cffcfe45c1a79077b7ed7fea0
Opcode Fuzzy Hash: ecdc980039f567038f86812bf2472d19b41a780e27de50b41b0898775d4504dc
Instruction Fuzzy Hash: 3501843690011CEBCB14AB64DC059BE7B68EF84760F268149FB05A7291EE30DF8287B4

Uniqueness

Uniqueness Score: -1.00%

Function 00DF1AC9 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00DF1AD5
int.LIBCPMT ref: 00DF1AE8

Part of subcall function 00DF21B2: std::_Lockit::_Lockit.LIBCPMT ref: 00DF21C3
Part of subcall function 00DF21B2: std::_Lockit::~_Lockit.LIBCPMT ref: 00DF21DD

std::_Facet_Register.LIBCPMT ref: 00DF1B1B
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF1B31

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: afa33c667b7bd790bf4ee75391b0fd4bfa4c9b537bff113d036912ce1926c324
Instruction ID: 1f97a3554ca1a3496eb698c8a47df05a32b2f1d9bf43fe8729bd3ceea123e213
Opcode Fuzzy Hash: afa33c667b7bd790bf4ee75391b0fd4bfa4c9b537bff113d036912ce1926c324
Instruction Fuzzy Hash: 1A01847660011CEBCB15AB64DC068FE7B79DF84760B168149FB05AB290EA309F4687B4

Uniqueness

Uniqueness Score: -1.00%

Function 00DF1A50 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00DF1A5C
int.LIBCPMT ref: 00DF1A6F

Part of subcall function 00DF21B2: std::_Lockit::_Lockit.LIBCPMT ref: 00DF21C3
Part of subcall function 00DF21B2: std::_Lockit::~_Lockit.LIBCPMT ref: 00DF21DD

std::_Facet_Register.LIBCPMT ref: 00DF1AA2
std::_Lockit::~_Lockit.LIBCPMT ref: 00DF1AB8

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: f44574204f1ec71769ae04d3b909a11023564ed2c17e61298740a85bbb33fcfd
Instruction ID: 2dd5f9eec4cd9dce08f8a7e665e7f926a15aa9706c4dc73d34aa15d339cd1c01
Opcode Fuzzy Hash: f44574204f1ec71769ae04d3b909a11023564ed2c17e61298740a85bbb33fcfd
Instruction Fuzzy Hash: 2C01843690011CABCB14AB64DC058FE7778EF84360B168249FB05AB291EF30DF4287B0

Uniqueness

Uniqueness Score: -1.00%

Function 00E368F0 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00E368FC

Part of subcall function 00E37254: __getptd_noexit.LIBCMT ref: 00E37257
Part of subcall function 00E37254: __amsg_exit.LIBCMT ref: 00E37264

__amsg_exit.LIBCMT ref: 00E3691C
__lock.LIBCMT ref: 00E3692C
_free.LIBCMT ref: 00E3695C

Memory Dump Source

Source File: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3170801528-0
Opcode ID: bcc54860c0364ad39d5e278b36aed9ff1ade0f683d854c4eb23ae6917159c085
Instruction ID: 5c51aefdadd0b3a03e850f4be66096fe8db1fef9cacaef55a6eafa5bcf600341
Opcode Fuzzy Hash: bcc54860c0364ad39d5e278b36aed9ff1ade0f683d854c4eb23ae6917159c085
Instruction Fuzzy Hash: AB01A131A01721B7DB31AB74980E759BFA0EF40724F55E015E814BB291C738A942CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 00E1030F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00E0F1BA,00000000,00000001,00000000,00000000,?,00E074AC,00000000,00000000,00000000), ref: 00E10326
GetLastError.KERNEL32(?,00E0F1BA,00000000,00000001,00000000,00000000,?,00E074AC,00000000,00000000,00000000,00000000,00000000,?,00E07A33,00000000), ref: 00E10332

Part of subcall function 00E102F8: CloseHandle.KERNEL32(FFFFFFFE,00E10342,?,00E0F1BA,00000000,00000001,00000000,00000000,?,00E074AC,00000000,00000000,00000000,00000000,00000000), ref: 00E10308

___initconout.LIBCMT ref: 00E10342

Part of subcall function 00E102BA: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00E102E9,00E0F1A7,00000000,?,00E074AC,00000000,00000000,00000000,00000000), ref: 00E102CD

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00E0F1BA,00000000,00000001,00000000,00000000,?,00E074AC,00000000,00000000,00000000,00000000), ref: 00E10357

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 0cece4645959290f072eea181d1ae7d0c680ba0bafa440cb2066d48d686a4ced
Instruction ID: 1c865935dfde7b76b05d4cca74833aa4da17a65aa9dac8c8a2369a7f9372406c
Opcode Fuzzy Hash: 0cece4645959290f072eea181d1ae7d0c680ba0bafa440cb2066d48d686a4ced
Instruction Fuzzy Hash: 04F0C736544168BFCF525FA6EC089D93F66FF4D3A1B448410F929A5131C771C9A4DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00E07F54 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132fileCOMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E07FA4
ReadFile.KERNEL32(?,?,00001000,?,00000000,00E07CED,00000001,00000000,?,00000000,?,?,00000000,?,?,00E08170), ref: 00E0802A

Strings

|, xrefs: 00E07F6D

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: FileReadUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: |
API String ID: 1834446548-1049989498
Opcode ID: c5dbc58ccb12436807a4be358d717dd28d499b816ac685f34e395cc993214789
Instruction ID: 34967f014760882802332448cddf42b1c54a2d5263e370ba94f87f593b8db231
Opcode Fuzzy Hash: c5dbc58ccb12436807a4be358d717dd28d499b816ac685f34e395cc993214789
Instruction Fuzzy Hash: D941F371A00154AFEB21CF28CE90BEAB7B5FB48314F1091A9E5C9B7281DB74DDC98B50

Uniqueness

Uniqueness Score: -1.00%

Function 00DF90D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00DF910F
__IsNonwritableInCurrentImage.LIBCMT ref: 00DF91C3

Strings

csm, xrefs: 00DF91AD

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 8864b28a5a93c63ba983ca98e029064c70af8ea9d6dcbfdd6e54b620a71980de
Instruction ID: d18fa3313e4202dc5a6557650f266360a558c849fbeb092bae1ea0114d8ff08a
Opcode Fuzzy Hash: 8864b28a5a93c63ba983ca98e029064c70af8ea9d6dcbfdd6e54b620a71980de
Instruction Fuzzy Hash: 0341D034E0020DABCB10DF69C854BAEBBB1EF45314F05C065EA08AB392D731EA45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DF99DD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 00DF9A02

Strings

MOC, xrefs: 00DF9A14
RCC, xrefs: 00DF9A1C

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 2383dc023c628c3f5e9483779d4969796ef2bbb2a94b5292e3a15dafa870053f
Instruction ID: 957c514dbdcb32f4ea4657336e4dd87f5da0d1a4b055acfa8d57a6c7b5c8eefd
Opcode Fuzzy Hash: 2383dc023c628c3f5e9483779d4969796ef2bbb2a94b5292e3a15dafa870053f
Instruction Fuzzy Hash: E0413771D0024DAFCF16DF98C891AEEBBB5FF48304F1A8059FA04A6261D3359A51DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00DF1C4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00DF1C53
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00DF1C8B

Part of subcall function 00DF424A: _Yarn.LIBCPMT ref: 00DF4269
Part of subcall function 00DF424A: _Yarn.LIBCPMT ref: 00DF428D

Strings

bad locale name, xrefs: 00DF1C99

Memory Dump Source

Source File: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 11a6e6c6afd57c7711a9cf97938f28ef090bd125b39276086d1897a707a3c58b
Instruction ID: 493d99092192f027cb616e6af44e1db050a36b0ea06a37f3ea2c1e8f56f01c8a
Opcode Fuzzy Hash: 11a6e6c6afd57c7711a9cf97938f28ef090bd125b39276086d1897a707a3c58b
Instruction Fuzzy Hash: 26F0F475506B449E83309F6A8881453FBE4FE29210395CA2EE2DEC3A11D630A504CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00E2BEA8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 00E2BED3
__CxxThrowException@8.LIBCMT ref: 00E2BEE8

Strings

tAB, xrefs: 00E2BEE1

Memory Dump Source

Source File: 00000000.00000002.1607514385.0000000000E1D000.00000004.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true

Associated: 00000000.00000002.1607423695.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607458346.0000000000DF1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607489164.0000000000E13000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607610920.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1607624747.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_df0000_file.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception
String ID: tAB
API String ID: 3728558374-3708372838
Opcode ID: 0b5a25ec8658adcdf39324c624ed28cb706a99bd5b3b82256d3a41df1fa63ec0
Instruction ID: 595bc84f0e4ed9a37731fd1f7e49e79a4f30e95b5f5614f6d7e386b88b77ee05
Opcode Fuzzy Hash: 0b5a25ec8658adcdf39324c624ed28cb706a99bd5b3b82256d3a41df1fa63ec0
Instruction Fuzzy Hash: 9FE06D3291061DAACF20EE64E8456DD7BE89B103A9F20D266B924E5080EB709688CA91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegAsm.exePID: 416, Parent PID: 6608COMMON

Execution Graph

Execution Coverage:	4.4%
Dynamic/Decrypted Code Coverage:	0.7%
Signature Coverage:	4.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	34

Executed Functions

Function 0041608F Relevance: 207.0, APIs: 114, Strings: 4, Instructions: 490
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,004153D3), ref: 004160A3
GetProcAddress.KERNEL32 ref: 004160BA
GetProcAddress.KERNEL32 ref: 004160D1
GetProcAddress.KERNEL32 ref: 004160E8
GetProcAddress.KERNEL32 ref: 004160FF
GetProcAddress.KERNEL32 ref: 00416116
GetProcAddress.KERNEL32 ref: 0041612D
GetProcAddress.KERNEL32 ref: 00416144
GetProcAddress.KERNEL32 ref: 0041615B
GetProcAddress.KERNEL32 ref: 00416172
GetProcAddress.KERNEL32 ref: 00416189
GetProcAddress.KERNEL32 ref: 004161A0
GetProcAddress.KERNEL32 ref: 004161B7
GetProcAddress.KERNEL32 ref: 004161CE
GetProcAddress.KERNEL32 ref: 004161E5
GetProcAddress.KERNEL32 ref: 004161FC
GetProcAddress.KERNEL32 ref: 00416213
GetProcAddress.KERNEL32 ref: 0041622A
GetProcAddress.KERNEL32 ref: 00416241
GetProcAddress.KERNEL32 ref: 00416258
GetProcAddress.KERNEL32 ref: 0041626F
GetProcAddress.KERNEL32 ref: 00416286
GetProcAddress.KERNEL32 ref: 0041629D
GetProcAddress.KERNEL32 ref: 004162B4
GetProcAddress.KERNEL32 ref: 004162CB
GetProcAddress.KERNEL32 ref: 004162E2
GetProcAddress.KERNEL32 ref: 004162F9
GetProcAddress.KERNEL32 ref: 00416310
GetProcAddress.KERNEL32 ref: 00416327
GetProcAddress.KERNEL32 ref: 0041633E
GetProcAddress.KERNEL32 ref: 00416355
GetProcAddress.KERNEL32 ref: 0041636C
GetProcAddress.KERNEL32 ref: 00416383
GetProcAddress.KERNEL32 ref: 0041639A
GetProcAddress.KERNEL32 ref: 004163B1
GetProcAddress.KERNEL32 ref: 004163C8
GetProcAddress.KERNEL32 ref: 004163DF
GetProcAddress.KERNEL32 ref: 004163F6
GetProcAddress.KERNEL32 ref: 0041640D
GetProcAddress.KERNEL32 ref: 00416424
GetProcAddress.KERNEL32 ref: 0041643B
GetProcAddress.KERNEL32 ref: 00416452
GetProcAddress.KERNEL32 ref: 00416469
LoadLibraryA.KERNEL32(004153D3,?,00000040,00000064,004120B6,0041174F,?,0000002C,00000064,00412035,00412072,?,00000024,00000064,Function_00011FF8,00411CE1), ref: 0041647A
LoadLibraryA.KERNEL32 ref: 0041648B
LoadLibraryA.KERNEL32 ref: 0041649C
LoadLibraryA.KERNEL32 ref: 004164AD
LoadLibraryA.KERNEL32 ref: 004164BE
LoadLibraryA.KERNEL32 ref: 004164CF
LoadLibraryA.KERNEL32 ref: 004164E0
LoadLibraryA.KERNEL32 ref: 004164F1
LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00416501
GetProcAddress.KERNEL32(75290000), ref: 0041651C
GetProcAddress.KERNEL32 ref: 00416533
GetProcAddress.KERNEL32 ref: 0041654A
GetProcAddress.KERNEL32 ref: 00416561
GetProcAddress.KERNEL32 ref: 00416578
GetProcAddress.KERNEL32(6FD40000), ref: 00416597
GetProcAddress.KERNEL32 ref: 004165AE
GetProcAddress.KERNEL32 ref: 004165C5
GetProcAddress.KERNEL32 ref: 004165DC
GetProcAddress.KERNEL32 ref: 004165F3
GetProcAddress.KERNEL32 ref: 0041660A
GetProcAddress.KERNEL32 ref: 00416621
GetProcAddress.KERNEL32 ref: 00416638
GetProcAddress.KERNEL32(752C0000), ref: 00416653
GetProcAddress.KERNEL32 ref: 0041666A
GetProcAddress.KERNEL32 ref: 00416681
GetProcAddress.KERNEL32 ref: 00416698
GetProcAddress.KERNEL32 ref: 004166AF
GetProcAddress.KERNEL32(74EC0000), ref: 004166CE
GetProcAddress.KERNEL32 ref: 004166E5
GetProcAddress.KERNEL32 ref: 004166FC
GetProcAddress.KERNEL32 ref: 00416713
GetProcAddress.KERNEL32 ref: 0041672A
GetProcAddress.KERNEL32 ref: 00416741
GetProcAddress.KERNEL32(75BD0000), ref: 00416760
GetProcAddress.KERNEL32 ref: 00416777
GetProcAddress.KERNEL32 ref: 0041678E
GetProcAddress.KERNEL32 ref: 004167A5
GetProcAddress.KERNEL32 ref: 004167BC
GetProcAddress.KERNEL32 ref: 004167D3
GetProcAddress.KERNEL32 ref: 004167EA
GetProcAddress.KERNEL32 ref: 00416801
GetProcAddress.KERNEL32 ref: 00416818
GetProcAddress.KERNEL32(75A70000), ref: 00416833
GetProcAddress.KERNEL32 ref: 0041684A
GetProcAddress.KERNEL32 ref: 00416861
GetProcAddress.KERNEL32 ref: 00416878
GetProcAddress.KERNEL32 ref: 0041688F
GetProcAddress.KERNEL32(75450000), ref: 004168AA
GetProcAddress.KERNEL32 ref: 004168C1
GetProcAddress.KERNEL32(75DA0000), ref: 004168DC
GetProcAddress.KERNEL32 ref: 004168F3
GetProcAddress.KERNEL32(6F090000), ref: 00416912
GetProcAddress.KERNEL32 ref: 00416929
GetProcAddress.KERNEL32 ref: 00416940
GetProcAddress.KERNEL32 ref: 00416957
GetProcAddress.KERNEL32 ref: 0041696E
GetProcAddress.KERNEL32 ref: 00416985
GetProcAddress.KERNEL32 ref: 0041699C
GetProcAddress.KERNEL32 ref: 004169B3
GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 004169C9
GetProcAddress.KERNEL32(InternetSetOptionA), ref: 004169DF
GetProcAddress.KERNEL32(75AF0000), ref: 004169FA
GetProcAddress.KERNEL32 ref: 00416A11
GetProcAddress.KERNEL32 ref: 00416A28
GetProcAddress.KERNEL32 ref: 00416A3F
GetProcAddress.KERNEL32(75D90000), ref: 00416A5A
GetProcAddress.KERNEL32(6E350000), ref: 00416A75
GetProcAddress.KERNEL32 ref: 00416A8C
GetProcAddress.KERNEL32 ref: 00416AA3
GetProcAddress.KERNEL32 ref: 00416ABA
GetProcAddress.KERNEL32(6CB70000,SymMatchString), ref: 00416AD4

Strings

dbghelp.dll, xrefs: 004164F7
InternetSetOptionA, xrefs: 004169CF
HttpQueryInfoA, xrefs: 004169B9
SymMatchString, xrefs: 00416ACE

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA$SymMatchString$dbghelp.dll
API String ID: 2238633743-951535364
Opcode ID: 374768779ad9c1c57e1c16cf8ad7dc588652fe9c528a838a6daf341ebb71f208
Instruction ID: 3e6caa5aab8599317485c50970fdae4c6edc1eb62b0e69e57b0e8c70e6e37883
Opcode Fuzzy Hash: 374768779ad9c1c57e1c16cf8ad7dc588652fe9c528a838a6daf341ebb71f208
Instruction Fuzzy Hash: E142E875411600EFDB1A9FA0FE48A293FB7FB08B21B14742AF905D2270D7364866EF94

Uniqueness

Uniqueness Score: -1.00%

Function 0040BDAF Relevance: 44.6, APIs: 19, Strings: 6, Instructions: 871
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 0040BDB4

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

FindFirstFileA.KERNEL32(00000000,?,00423BAB,00423BAA,00000000,?,00423CEC,?,?,00423BA7,?,?,00000000), ref: 0040BE55
StrCmpCA.SHLWAPI(?,00423CF0,?,?,00000000), ref: 0040BEBC
StrCmpCA.SHLWAPI(?,00423CF4,?,?,00000000), ref: 0040BED6
StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00423CF8,?,?,00423BAE,?,?,00000000), ref: 0040BF87

Part of subcall function 004010D8: _EH_prolog.MSVCRT ref: 004010DD

Strings

B, xrefs: 0040C9B1
\BraveWallet\Preferences, xrefs: 0040C27B
Opera GX, xrefs: 0040BF76
Brave, xrefs: 0040C179
Preferences, xrefs: 0040C198
Google Chrome, xrefs: 0040C6CF

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prologlstrcpy$lstrcat$FileFindFirstlstrlen
String ID: B$Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
API String ID: 3869166975-1712999469
Opcode ID: fc90490b7ed74f28ee2597dc4a44c855b78d0050c25e7afff45057d32c60d682
Instruction ID: 17cf665bec510dd10c8af1510a092d8f18dc0d4bbd26f40d745eae5778ab6a2c
Opcode Fuzzy Hash: fc90490b7ed74f28ee2597dc4a44c855b78d0050c25e7afff45057d32c60d682
Instruction Fuzzy Hash: 16828071900248EACF15EBB6C946BDD7FB8AF15308F1444AEE845732C2DB781B58CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00404165 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 170
networkmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 0040416A

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00403A07: _EH_prolog.MSVCRT ref: 00403A0C
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A3E
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A47
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A50
Part of subcall function 00403A07: lstrlen.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403A6A
Part of subcall function 00403A07: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403A7A

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 004041B1
RtlAllocateHeap.NTDLL(00000000), ref: 004041B8
InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004041D7
StrCmpCA.SHLWAPI(?), ref: 004041EB
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040420F
HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00404245
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404269
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404274
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404292
InternetReadFile.WININET(00000000,?,00000400,?), ref: 004042EA
InternetCloseHandle.WININET(00000000), ref: 0040431C
InternetCloseHandle.WININET(?), ref: 00404325
InternetCloseHandle.WININET(?), ref: 0040432E

Strings

GET, xrefs: 0040423D

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$H_prologHeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
String ID: GET
API String ID: 1687531150-1805413626
Opcode ID: d3b4e2465853432a3083c444009e64989dd2031eb63236b22f5920166c39059c
Instruction ID: d7e372f959dd3e5caf44f256035fa2464378805655ddc5b1d5d1d0239f48c882
Opcode Fuzzy Hash: d3b4e2465853432a3083c444009e64989dd2031eb63236b22f5920166c39059c
Instruction Fuzzy Hash: 69517BB2900119AFDF10EFE4DD85AEFBBB9EB48704F00412AFA11B2190D7785E45CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A4CF0 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 461fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,C0000000,00000003,00000000,-00000003,04000102,00000000), ref: 1C0A4EE1

Strings

winOpen, xrefs: 1C0A5110
exclusive, xrefs: 1C0A4E81
delayed %dms for lock/sharing conflict at line %d, xrefs: 1C0A4FB5
psow, xrefs: 1C0A51F5

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: CreateFile
String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
API String ID: 823142352-3829269058
Opcode ID: 6d59faf187940d1645e4279b2aba412528e8b26834deabcec8e135c44ff346f3
Instruction ID: 228db2572dc2a899ed97cb838abb33de284d47320cf39e6decd7666bf680b57b
Opcode Fuzzy Hash: 6d59faf187940d1645e4279b2aba412528e8b26834deabcec8e135c44ff346f3
Instruction Fuzzy Hash: A2F1E2B1A05310CBEB00CFA5C888B6A77F4BB55315F115929FD8AC62C1DB75E845CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0040EDA7 Relevance: 7.6, APIs: 5, Instructions: 70processCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040EDAC

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040EDE7
Process32First.KERNEL32(00000000,00000128), ref: 0040EDF8
Process32Next.KERNEL32(?,00000128), ref: 0040EE60
CloseHandle.KERNEL32(?,?,00000000), ref: 0040EE6D

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32lstrcpy
String ID:
API String ID: 599723951-0
Opcode ID: 5d7eb946d37dbae006d3382ced3585bc01facc56a2b5579cdf30aa957cf0788d
Instruction ID: 442d2adc66867573a605d6bcc60739512b468c637e589a303a8df8f817b73186
Opcode Fuzzy Hash: 5d7eb946d37dbae006d3382ced3585bc01facc56a2b5579cdf30aa957cf0788d
Instruction Fuzzy Hash: 2A214FB1A00118EBCB04EFA6DD45AEEBBB9EF88344F04446EF405F3290CB784A548B65

Uniqueness

Uniqueness Score: -1.00%

Function 0040F1A8 Relevance: 7.6, APIs: 5, Instructions: 62commemoryCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00424C98,00000000,00000001,00424388,00000000,?), ref: 0040F1C8
SysAllocString.OLEAUT32(00000000), ref: 0040F1D6
_wtoi64.MSVCRT ref: 0040F218
SysFreeString.OLEAUT32(?), ref: 0040F22D
SysFreeString.OLEAUT32(00000000), ref: 0040F230

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: String$Free$AllocCreateInstance_wtoi64
String ID:
API String ID: 1817501562-0
Opcode ID: d4edb80c7c273018b9d901076822336c36bbc8e5ec39c678b9848d0cf7c73554
Instruction ID: 36e1fe214f56445511a06ce0c9af4fa7ab1d6e2d6c38daba9a39b14b96fb5745
Opcode Fuzzy Hash: d4edb80c7c273018b9d901076822336c36bbc8e5ec39c678b9848d0cf7c73554
Instruction Fuzzy Hash: E3118134B04208BFDB10DFA5D848B9EBFB9EF85714F1480B9E804EB251CB769506CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040E651 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,HAL9TH,?,00401063,JohnDoe,00415B49), ref: 0040E65D
HeapAlloc.KERNEL32(00000000,?,00401063,JohnDoe,00415B49), ref: 0040E664
GetUserNameA.ADVAPI32(00000000,?), ref: 0040E678

Strings

HAL9TH, xrefs: 0040E654

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID: HAL9TH
API String ID: 1206570057-1811034163
Opcode ID: dad54f3eeb76aaf9ab3917e628952378ff3586baf3244f5a3df97a0ddb187189
Instruction ID: 3b6bb86c2aa7e6c860c7c69a7c5b7b6065036db9af3dab9ac7174578770e79df
Opcode Fuzzy Hash: dad54f3eeb76aaf9ab3917e628952378ff3586baf3244f5a3df97a0ddb187189
Instruction Fuzzy Hash: 75D05EF6700204BFE7109BA5ED0DF9ABAFCEB84755F400065FB02D2291DAF099018A34

Uniqueness

Uniqueness Score: -1.00%

Function 0040E718 Relevance: 6.0, APIs: 4, Instructions: 29memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,Computer Name: ,00000000,?,0042454C,00000000,?,00000000,00000000,?,AV: ), ref: 0040E729
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,0042454C,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040E730
GetTimeZoneInformation.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,0042454C,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040E73F
wsprintfA.USER32 ref: 0040E75D

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: 2970ad804210b27692d63d95c1c219e29d2a4f61a4fb4e25faef3d96918d710d
Instruction ID: ddcf64704f1bc3c6141f033c01d982c90cc94944e95df457e6d4af9f879a5c79
Opcode Fuzzy Hash: 2970ad804210b27692d63d95c1c219e29d2a4f61a4fb4e25faef3d96918d710d
Instruction Fuzzy Hash: 36E09271700320BBDB1067B8FC4EF9A3B6EDB41725F100252FA15E21D0E6749D5487E6

Uniqueness

Uniqueness Score: -1.00%

Function 00406252 Relevance: 4.5, APIs: 3, Instructions: 46memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406275
LocalAlloc.KERNEL32(00000040,?,?), ref: 0040628D
LocalFree.KERNEL32(?), ref: 004062AB

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: cadf5577c9b9691b71ad68239c0d5a22a5f3d8c6918a2dc9e96d3e60350b608e
Instruction ID: afe4829b9d1edcfe5df11625f36b51efeaebfb5f47dcb0a2a1b211f2eb5da05d
Opcode Fuzzy Hash: cadf5577c9b9691b71ad68239c0d5a22a5f3d8c6918a2dc9e96d3e60350b608e
Instruction Fuzzy Hash: AF011DB6900218AFDF10EFE8DC448EEBBB9FF48600F10056AF945E7250D37599508B50

Uniqueness

Uniqueness Score: -1.00%

Function 0040E907 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00000000), ref: 0040E914
wsprintfA.USER32 ref: 0040E929

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 7294e20f52773795ff6104e9a9063163d126c4ee991cbe2967d73750617d30e0
Instruction ID: 30066c338acff39604fbe4a50ee4d830962821b77274f0eb823570a350decf8b
Opcode Fuzzy Hash: 7294e20f52773795ff6104e9a9063163d126c4ee991cbe2967d73750617d30e0
Instruction Fuzzy Hash: 0AD05EB180021DDBCF10DBA0FC8AE8977BDAB04308F4001A1AB00F2090E374E62E8BD9

Uniqueness

Uniqueness Score: -1.00%

Function 00404360 Relevance: 74.3, APIs: 26, Strings: 16, Instructions: 771
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 00404365

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00403A07: _EH_prolog.MSVCRT ref: 00403A0C
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A3E
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A47
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A50
Part of subcall function 00403A07: lstrlen.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403A6A
Part of subcall function 00403A07: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403A7A

lstrlen.KERNEL32(00000000), ref: 004043D4

Part of subcall function 0040F82E: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0040F852
Part of subcall function 0040F82E: GetProcessHeap.KERNEL32(00000000,?,?,004043C8,?,?,?,?,?,?), ref: 0040F85F
Part of subcall function 0040F82E: HeapAlloc.KERNEL32(00000000,?,004043C8,?,?,?,?,?,?), ref: 0040F866

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

StrCmpCA.SHLWAPI(?,004239B7,004239B3,004239AB,004239A7,004239A6), ref: 00404457
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404477
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040459C
HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 004045D6
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004045FA

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00000000,?,00423A70,00000000,?,?,00000000), ref: 00404B0A
lstrlen.KERNEL32(00000000), ref: 00404B1C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00404B2E
HeapAlloc.KERNEL32(00000000), ref: 00404B35
lstrlen.KERNEL32(00000000), ref: 00404B47
memcpy.MSVCRT ref: 00404B5A
lstrlen.KERNEL32(00000000,?,?), ref: 00404B71
memcpy.MSVCRT ref: 00404B7B
lstrlen.KERNEL32(00000000), ref: 00404B8C
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00404BA5
memcpy.MSVCRT ref: 00404BB2
lstrlen.KERNEL32(00000000,?,00000000), ref: 00404BC7
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404BD8
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404BFF
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404C81
StrCmpCA.SHLWAPI(00000000,block), ref: 00404C99
ExitProcess.KERNEL32 ref: 00404CA4
InternetCloseHandle.WININET(?), ref: 00404CB4

Strings

ERROR, xrefs: 00404D83
------, xrefs: 00404750
------, xrefs: 004048B6
------, xrefs: 00404600
", xrefs: 00404822
--, xrefs: 004044F7
0, xrefs: 00404C5F
file_data, xrefs: 00404AAD
", xrefs: 00404AD7
ERROR, xrefs: 00404C0C
", xrefs: 004046D3
block, xrefs: 00404C8B
", xrefs: 00404989
------, xrefs: 004044D0
------, xrefs: 00404A05
build_id, xrefs: 004047F8

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$H_prologHeap$HttpProcessmemcpy$AllocOpenRequestlstrcat$BinaryCloseConnectCrackCryptExitFileHandleInfoOptionQueryReadSendString
String ID: ------$"$"$"$"$--$------$------$------$------$0$ERROR$ERROR$block$build_id$file_data
API String ID: 2658035217-3618031631
Opcode ID: 476ab2a1d45761da070b74ae7643efb6b3ad890e74c36cd9fde27e782e7ecd9a
Instruction ID: 6206ef52eafb39f864dc7eb2f23dd82a4f663a761a49c87c1cc0ae04d9a46c57
Opcode Fuzzy Hash: 476ab2a1d45761da070b74ae7643efb6b3ad890e74c36cd9fde27e782e7ecd9a
Instruction Fuzzy Hash: BE62667180014CEADB05EBE2C995ADEBBB8AF18308F14446EF501731C2EB786B59DB75

Uniqueness

Uniqueness Score: -1.00%

Function 00415AD9 Relevance: 68.4, APIs: 36, Strings: 3, Instructions: 146
sleeplibrarytimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll), ref: 00415AE6
Sleep.KERNEL32(00000014), ref: 00415B1B
Sleep.KERNEL32(00000014), ref: 00415B22
Sleep.KERNEL32(00000014), ref: 00415B29
Sleep.KERNEL32(00000014), ref: 00415B30
Sleep.KERNEL32(00000014), ref: 00415B37
Sleep.KERNEL32(00000014), ref: 00415B3E
Sleep.KERNEL32(00000014), ref: 00415B4A
Sleep.KERNEL32(00000014), ref: 00415B51
Sleep.KERNEL32(00000014), ref: 00415B58
Sleep.KERNEL32(00000014), ref: 00415B5F
Sleep.KERNEL32(00000014), ref: 00415B6F
Sleep.KERNEL32(00000014), ref: 00415B76
GetSystemTime.KERNEL32(?), ref: 00415B80
Sleep.KERNEL32(00000014), ref: 00415B87
Sleep.KERNEL32(00000014), ref: 00415B8E
srand.MSVCRT ref: 00415B99
Sleep.KERNEL32(00000014), ref: 00415BA0
Sleep.KERNEL32(00000014), ref: 00415BA7
rand.MSVCRT ref: 00415BAD
Sleep.KERNEL32(00000014), ref: 00415BB3
Sleep.KERNEL32(00000014), ref: 00415BBA
Sleep.KERNEL32(00000014), ref: 00415BC6
Sleep.KERNEL32(00000014), ref: 00415BCD
Sleep.KERNEL32(00000014), ref: 00415BD4
Sleep.KERNEL32(00000014), ref: 00415BDB
Sleep.KERNEL32(00000014), ref: 00415BE2
Sleep.KERNEL32(00000014), ref: 00415BE9
Sleep.KERNEL32(00000014), ref: 00415BF0
Sleep.KERNEL32(00000014), ref: 00415BF7
CloseHandle.KERNEL32(00000000), ref: 00415C78
Sleep.KERNEL32(00001B58), ref: 00415C83
OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,?,00424A48,?,00000000,004244C3), ref: 00415C94
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00415CAA
CloseHandle.KERNEL32(00000000), ref: 00415CB8
ExitProcess.KERNEL32 ref: 00415CBF

Strings

kernel32.dll, xrefs: 00415AE1
Sleep, xrefs: 00415AF4
GetSystemTime, xrefs: 00415AFF

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Sleep$CloseEventHandle$CreateExitLibraryLoadOpenProcessSystemTimerandsrand
String ID: GetSystemTime$Sleep$kernel32.dll
API String ID: 1899683397-3444385320
Opcode ID: a20a1ddb1d470827b54f13a8b3a00c6c80afe7113cc5e40a79b8becaa9aec2c7
Instruction ID: 9fbc28225f14d69cee995eff129ba092aaa0e00c5b52ebe00b2e5197042d8efa
Opcode Fuzzy Hash: a20a1ddb1d470827b54f13a8b3a00c6c80afe7113cc5e40a79b8becaa9aec2c7
Instruction Fuzzy Hash: D841AD36501924AFCB017BB1ED4DDDEBF6BAE89715700242EF502B50A1DF3856428FEA

Uniqueness

Uniqueness Score: -1.00%

Function 00405114 Relevance: 54.9, APIs: 21, Strings: 10, Instructions: 647
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 00405119

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00403A07: _EH_prolog.MSVCRT ref: 00403A0C
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A3E
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A47
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A50
Part of subcall function 00403A07: lstrlen.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403A6A
Part of subcall function 00403A07: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403A7A

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004051C4
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405363
HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 0040539A
lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,mode,00000000,?,00000000,?,00423AF8,00000000), ref: 004057A9
lstrlen.KERNEL32(00000000), ref: 004057BA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004057C4
HeapAlloc.KERNEL32(00000000), ref: 004057CB
lstrlen.KERNEL32(00000000), ref: 004057DC
memcpy.MSVCRT ref: 004057ED
lstrlen.KERNEL32(00000000), ref: 004057FE
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405817
memcpy.MSVCRT ref: 00405820
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405833
HttpSendRequestA.WININET(?,00000000,00000000), ref: 00405847
InternetReadFile.WININET(?,?,000000C7,?), ref: 0040589B
InternetCloseHandle.WININET(?), ref: 004058A6
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004053BF

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

InternetCloseHandle.WININET(?), ref: 004058AF
InternetCloseHandle.WININET(?), ref: 004058B8
StrCmpCA.SHLWAPI(?), ref: 004051DB

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Strings

------, xrefs: 0040525D
", xrefs: 00405498
build_id, xrefs: 004055BD
------, xrefs: 0040567B
------, xrefs: 00405515
------, xrefs: 004053C5
", xrefs: 004055E7
mode, xrefs: 00405723
), xrefs: 004058FA
", xrefs: 0040574D

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internetlstrlen$lstrcpy$H_prolog$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileOptionProcessReadSend
String ID: "$"$"$)$------$------$------$------$build_id$mode
API String ID: 2237346945-290892794
Opcode ID: c479e2d29b98b47438dbfd3a817438454e91a71a3f64224b7e2e4310f61ac810
Instruction ID: 00d0b6fd9aec665fcf80781b4ea6017fc21f92f67d473f1e1768996e30c26457
Opcode Fuzzy Hash: c479e2d29b98b47438dbfd3a817438454e91a71a3f64224b7e2e4310f61ac810
Instruction Fuzzy Hash: DB42347280014CEADB05EBE2D956AEEBBBCAF14308F14446EF501732C2DB781B59DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0041313D Relevance: 51.8, APIs: 3, Strings: 26, Instructions: 1023
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 00413142

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

Part of subcall function 0040E6BE: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,Version: ,0042444E), ref: 0040E6CC
Part of subcall function 0040E6BE: HeapAlloc.KERNEL32(00000000,?,00000000,?,Version: ,0042444E), ref: 0040E6D3
Part of subcall function 0040E6BE: GetLocalTime.KERNEL32(00000000,?,00000000,?,Version: ,0042444E), ref: 0040E6DF
Part of subcall function 0040E6BE: wsprintfA.USER32 ref: 0040E70A

Part of subcall function 0040EEF9: memset.MSVCRT ref: 0040EF1F
Part of subcall function 0040EEF9: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,NDB,?,?,00000000), ref: 0040EF3B
Part of subcall function 0040EEF9: RegQueryValueExA.KERNEL32(NDB,MachineGuid,00000000,00000000,?,000000FF,?,?,00000000), ref: 0040EF5A
Part of subcall function 0040EEF9: CharToOemA.USER32(?,?), ref: 0040EF77

Part of subcall function 0040EF86: GetCurrentHwProfileA.ADVAPI32(?), ref: 0040EF97

Part of subcall function 0040EFC1: _EH_prolog.MSVCRT ref: 0040EFC6
Part of subcall function 0040EFC1: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,?,00000000), ref: 0040EFE9
Part of subcall function 0040EFC1: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0040F01B
Part of subcall function 0040EFC1: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 0040F05E
Part of subcall function 0040EFC1: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 0040F065

GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,004244F8,00000000,?,00000000,00000000,?,HWID: ,00000000,?,004244EC,00000000), ref: 00413470

Part of subcall function 0040FA83: OpenProcess.KERNEL32(00000410,00000000,00413480), ref: 0040FA9B
Part of subcall function 0040FA83: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0040FAB6
Part of subcall function 0040FA83: CloseHandle.KERNEL32(00000000), ref: 0040FABD

Part of subcall function 0040F12F: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413565,00000000,?,Windows: ,00000000,?,0042451C,00000000,?,Work Dir: In memory), ref: 0040F143
Part of subcall function 0040F12F: HeapAlloc.KERNEL32(00000000,?,?,?,00413565,00000000,?,Windows: ,00000000,?,0042451C,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F14A

Part of subcall function 0040F242: _EH_prolog.MSVCRT ref: 0040F247
Part of subcall function 0040F242: CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,?,?,0042451C,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000), ref: 0040F257
Part of subcall function 0040F242: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,?,0042451C), ref: 0040F268
Part of subcall function 0040F242: CoCreateInstance.OLE32(00424EE8,00000000,00000001,00424E18,?,?,?,?,?,?,?,0042451C,00000000,?,Work Dir: In memory,00000000), ref: 0040F282
Part of subcall function 0040F242: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,?,?,0042451C,00000000), ref: 0040F2B8
Part of subcall function 0040F242: VariantInit.OLEAUT32(?), ref: 0040F313

Part of subcall function 0040F3CB: _EH_prolog.MSVCRT ref: 0040F3D0
Part of subcall function 0040F3CB: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000,?,00000000), ref: 0040F3E0
Part of subcall function 0040F3CB: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00424504), ref: 0040F3F1
Part of subcall function 0040F3CB: CoCreateInstance.OLE32(00424EE8,00000000,00000001,00424E18,?,?,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000,?,00000000), ref: 0040F40B
Part of subcall function 0040F3CB: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000), ref: 0040F441
Part of subcall function 0040F3CB: VariantInit.OLEAUT32(?), ref: 0040F490

Part of subcall function 0040E683: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,0040104D,HAL9TH,00415B49), ref: 0040E68F
Part of subcall function 0040E683: HeapAlloc.KERNEL32(00000000,?,?,0040104D,HAL9TH,00415B49), ref: 0040E696
Part of subcall function 0040E683: GetComputerNameA.KERNEL32(00000000,?), ref: 0040E6AA

Part of subcall function 0040E651: GetProcessHeap.KERNEL32(00000000,00000104,00000000,HAL9TH,?,00401063,JohnDoe,00415B49), ref: 0040E65D
Part of subcall function 0040E651: HeapAlloc.KERNEL32(00000000,?,00401063,JohnDoe,00415B49), ref: 0040E664
Part of subcall function 0040E651: GetUserNameA.ADVAPI32(00000000,?), ref: 0040E678

Part of subcall function 0040EE84: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0040EE99
Part of subcall function 0040EE84: GetDeviceCaps.GDI32(00000000,00000008), ref: 0040EEA4
Part of subcall function 0040EE84: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0040EEAF
Part of subcall function 0040EE84: ReleaseDC.USER32(00000000,00000000), ref: 0040EEBA
Part of subcall function 0040EE84: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,?,0041380E,?,00000000,?,Display Resolution: ,00000000,?,00424570,00000000,?), ref: 0040EEC6
Part of subcall function 0040EE84: HeapAlloc.KERNEL32(00000000,?,00000000,?,?,0041380E,?,00000000,?,Display Resolution: ,00000000,?,00424570,00000000,?,00000000), ref: 0040EECD
Part of subcall function 0040EE84: wsprintfA.USER32 ref: 0040EEDF

Part of subcall function 0040E76B: _EH_prolog.MSVCRT ref: 0040E770
Part of subcall function 0040E76B: GetKeyboardLayoutList.USER32(00000000,00000000,004241B7,00000000,?,00000000), ref: 0040E7A2
Part of subcall function 0040E76B: LocalAlloc.KERNEL32(00000040,00000000,?,00000000), ref: 0040E7B0
Part of subcall function 0040E76B: GetKeyboardLayoutList.USER32(00000000,00000000,?,00000000), ref: 0040E7BB
Part of subcall function 0040E76B: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000), ref: 0040E7E5
Part of subcall function 0040E76B: LocalFree.KERNEL32(?), ref: 0040E889

Part of subcall function 0040E718: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,Computer Name: ,00000000,?,0042454C,00000000,?,00000000,00000000,?,AV: ), ref: 0040E729
Part of subcall function 0040E718: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,0042454C,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040E730
Part of subcall function 0040E718: GetTimeZoneInformation.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,0042454C,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040E73F
Part of subcall function 0040E718: wsprintfA.USER32 ref: 0040E75D

Part of subcall function 0040E89E: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413A8A,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,004245CC), ref: 0040E8B2
Part of subcall function 0040E89E: HeapAlloc.KERNEL32(00000000,?,?,?,00413A8A,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,004245CC,00000000,?), ref: 0040E8B9
Part of subcall function 0040E89E: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00413A8A,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?), ref: 0040E8D7
Part of subcall function 0040E89E: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00413A8A,00000000,?,Processor: ,00000000,?,[Hardware],00000000), ref: 0040E8F3

Part of subcall function 0040E93A: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040E98D
Part of subcall function 0040E93A: wsprintfA.USER32 ref: 0040E9D3

Part of subcall function 0040E907: GetSystemInfo.KERNEL32(00000000), ref: 0040E914
Part of subcall function 0040E907: wsprintfA.USER32 ref: 0040E929

Part of subcall function 0040EA07: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,00000000,?,Windows: ,00000000,?,0042451C,00000000,?,Work Dir: In memory,00000000,?,00424504), ref: 0040EA15
Part of subcall function 0040EA07: HeapAlloc.KERNEL32(00000000), ref: 0040EA1C
Part of subcall function 0040EA07: GlobalMemoryStatusEx.KERNEL32 ref: 0040EA3C
Part of subcall function 0040EA07: wsprintfA.USER32 ref: 0040EA62

Part of subcall function 0040EA70: _EH_prolog.MSVCRT ref: 0040EA75
Part of subcall function 0040EA70: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 0040EB36

Part of subcall function 0040EDA7: _EH_prolog.MSVCRT ref: 0040EDAC
Part of subcall function 0040EDA7: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040EDE7
Part of subcall function 0040EDA7: Process32First.KERNEL32(00000000,00000128), ref: 0040EDF8
Part of subcall function 0040EDA7: Process32Next.KERNEL32(?,00000128), ref: 0040EE60
Part of subcall function 0040EDA7: CloseHandle.KERNEL32(?,?,00000000), ref: 0040EE6D

Part of subcall function 0040EB55: _EH_prolog.MSVCRT ref: 0040EB5A
Part of subcall function 0040EB55: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,004241CF,00000000,00000000), ref: 0040EBA2

Part of subcall function 0040EB55: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 0040EBEC
Part of subcall function 0040EB55: wsprintfA.USER32 ref: 0040EC16
Part of subcall function 0040EB55: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0040EC33
Part of subcall function 0040EB55: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 0040EC5D
Part of subcall function 0040EB55: lstrlen.KERNEL32(?), ref: 0040EC72
Part of subcall function 0040EB55: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,?,?,00000000,?,00424200), ref: 0040ECF2

lstrlen.KERNEL32(00000000,00000000,?,00424644,00000000,?,00000000,00000000,?,00000000,00000000,?,[Software],00000000,?,00424634), ref: 00413F04

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 00412F70: _EH_prolog.MSVCRT ref: 00412F75
Part of subcall function 00412F70: CreateThread.KERNEL32(00000000,00000000,00411D72,?,00000000,00000000), ref: 0041301B
Part of subcall function 00412F70: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413023

Part of subcall function 004010D8: _EH_prolog.MSVCRT ref: 004010DD

Strings

Display Resolution: , xrefs: 004137DB
Date: , xrefs: 00413220
Threads: , xrefs: 00413B6B
GUID: , xrefs: 0041331E
User Name: , xrefs: 0041375C
VideoCard: , xrefs: 00413C75
Work Dir: In memory, xrefs: 004134E2
Path: , xrefs: 00413446
RAM: , xrefs: 00413BF0
Processor: , xrefs: 00413A55
information.txt, xrefs: 00413F1F
[Software], xrefs: 00413DFD
Local Time: , xrefs: 0041390F
Keyboard Languages: , xrefs: 0041386F
TimeZone: , xrefs: 00413994
[Hardware], xrefs: 00413A25
MachineID: , xrefs: 0041329F
HWID: , xrefs: 004133B2
AV: , xrefs: 00413649
Computer Name: , xrefs: 004136DD
Install Date: , xrefs: 004135B5
V, xrefs: 00413F38
[Processes], xrefs: 00413D51
Version: , xrefs: 0041315E
Windows: , xrefs: 00413536
Cores: , xrefs: 00413AE6

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$H_prolog$Process$Alloc$wsprintf$CreateOpen$InitializeQueryValuelstrcpy$InformationLocalNamelstrlen$BlanketCapsCloseCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariantlstrcat$CharComputerDevicesDirectoryDisplayFileFirstFreeGlobalLocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $V$Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
API String ID: 722754166-310184570
Opcode ID: 811b7d68a6cfe72faf9ee324c155fb842fa9fd7ce8a615f2435f4a0874e4aef8
Instruction ID: 5f778280f23de2a4fdb259b6ccf19d94640144d39d4e386dcb251b8ba5580ae4
Opcode Fuzzy Hash: 811b7d68a6cfe72faf9ee324c155fb842fa9fd7ce8a615f2435f4a0874e4aef8
Instruction Fuzzy Hash: 1BA22371800288E9DB05E7E2C956BEEBF785F14308F1444AEA541732C2DF782B59DBB6

Uniqueness

Uniqueness Score: -1.00%

Function 0040B9EA Relevance: 42.3, APIs: 23, Strings: 1, Instructions: 275
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 0040B9EF

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 0040F5DE: _EH_prolog.MSVCRT ref: 0040F5E3
Part of subcall function 0040F5DE: GetSystemTime.KERNEL32(?,00424398,00000000,00000001,00000000,004244BE,004244B3,004244B2,00000000,00000000), ref: 0040F623

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00000000,?,00423B76,00000000), ref: 0040BAAD
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040BB0E
RtlAllocateHeap.NTDLL(00000000), ref: 0040BB15
lstrlen.KERNEL32(00000000,00000000), ref: 0040BBA6
lstrcat.KERNEL32(?), ref: 0040BBBE
lstrcat.KERNEL32(?,00000000), ref: 0040BBD0
lstrcat.KERNEL32(?,00423B7C), ref: 0040BBDE
lstrcat.KERNEL32(?,00000000), ref: 0040BBF0
lstrcat.KERNEL32(?,00423B80), ref: 0040BBFE
lstrcat.KERNEL32(?), ref: 0040BC0D
lstrcat.KERNEL32(?,00000000), ref: 0040BC1F
lstrcat.KERNEL32(?,00423B84), ref: 0040BC2D
lstrcat.KERNEL32(?), ref: 0040BC3C
lstrcat.KERNEL32(?,00000000), ref: 0040BC4E
lstrcat.KERNEL32(?,00423B88), ref: 0040BC5C
lstrcat.KERNEL32(?), ref: 0040BC6B
lstrcat.KERNEL32(?,00000000), ref: 0040BC7D
lstrcat.KERNEL32(?,00423B8C), ref: 0040BC8B
lstrcat.KERNEL32(?,00423B90), ref: 0040BC99
lstrlen.KERNEL32(?), ref: 0040BCCD
memset.MSVCRT ref: 0040BD20
DeleteFileA.KERNEL32(00000000), ref: 0040BD4D

Part of subcall function 0040635E: _EH_prolog.MSVCRT ref: 00406363
Part of subcall function 0040635E: memcmp.MSVCRT ref: 00406389
Part of subcall function 0040635E: memset.MSVCRT ref: 004063B8
Part of subcall function 0040635E: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00000000), ref: 004063ED

Strings

passwords.txt, xrefs: 0040BCDF

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$H_prolog$lstrcpy$lstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessSystemTimememcmp
String ID: passwords.txt
API String ID: 3298853120-347816968
Opcode ID: 8454bc0e9691c7399795ad14da3f904abbb74f93ebf0461abe4fa8449db9faa8
Instruction ID: eacfe064167263d56a5f39260bca9470ec76c25b5eb96d500bc3926372bb56e9
Opcode Fuzzy Hash: 8454bc0e9691c7399795ad14da3f904abbb74f93ebf0461abe4fa8449db9faa8
Instruction Fuzzy Hash: 3DB13B71800109EFDB05EBE1ED4AAEEBB75FF14308F14482AF411721E2DB786A25DB65

Uniqueness

Uniqueness Score: -1.00%

Function 00412358 Relevance: 41.1, APIs: 12, Strings: 11, Instructions: 899
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 0041235D

Part of subcall function 00411FF8: _EH_prolog.MSVCRT ref: 00411FFD

Part of subcall function 0040E35E: lstrlen.KERNEL32(?,00000000,?,00415304,004244B3,004244B2,00000000,00000000,?,00415CB7), ref: 0040E367
Part of subcall function 0040E35E: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E39B

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041253E
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004125D4

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 00411A77: _EH_prolog.MSVCRT ref: 00411A7C
Part of subcall function 00411A77: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00411ADA

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412715
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004127AB
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004128EC

Part of subcall function 00411B64: _EH_prolog.MSVCRT ref: 00411B69
Part of subcall function 00411B64: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00411BEB
Part of subcall function 00411B64: lstrlen.KERNEL32(00000000), ref: 00411C02
Part of subcall function 00411B64: StrStrA.SHLWAPI(00000000,00000000), ref: 00411C29
Part of subcall function 00411B64: lstrlen.KERNEL32(00000000), ref: 00411C3E
Part of subcall function 00411B64: lstrlen.KERNEL32(00000000), ref: 00411C59

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00412982
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412AC3
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00412B59
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412C9A
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00412D2A
Sleep.KERNEL32(0000EA60), ref: 00412D39

Strings

", xrefs: 00412ED7
ERROR, xrefs: 00412D1C
ERROR, xrefs: 00412530
ERROR, xrefs: 004128DE
ERROR, xrefs: 004125C6
ERROR, xrefs: 0041279D
ERROR, xrefs: 00412974
ERROR, xrefs: 00412C8C
ERROR, xrefs: 00412707
ERROR, xrefs: 00412AB5
ERROR, xrefs: 00412B4B

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog$lstrcpylstrlen$Sleep
String ID: "$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 1345713276-2213018930
Opcode ID: 43269324f860c2ae06b9e27c795a8b236ef888555ccc1246de3ab1475a4c26aa
Instruction ID: d01c531e1e47b4cc6a2d22cd096bc4d660d73e225f58ccdc42e790240094469d
Opcode Fuzzy Hash: 43269324f860c2ae06b9e27c795a8b236ef888555ccc1246de3ab1475a4c26aa
Instruction Fuzzy Hash: 27726070D00248EADB04E7EAC94ABDDBFB8AF15304F1444AEE445B32C2DB785B58D766

Uniqueness

Uniqueness Score: -1.00%

Function 00403AA8 Relevance: 37.3, APIs: 13, Strings: 8, Instructions: 513
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 00403AAD

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00403A07: _EH_prolog.MSVCRT ref: 00403A0C
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A3E
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A47
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A50
Part of subcall function 00403A07: lstrlen.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403A6A
Part of subcall function 00403A07: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403A7A

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403B58
StrCmpCA.SHLWAPI(?), ref: 00403B6F

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00403CF7
HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 00403D31
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00403D55

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

lstrlen.KERNEL32(00000000,00000000,?,?,?,?,004239A5,00000000,?,?,00000000,?,",00000000,?,build_id), ref: 00404031
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040404A
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 0040405B
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004040AF
InternetCloseHandle.WININET(00000000), ref: 004040BA
InternetCloseHandle.WININET(?), ref: 004040CF
InternetCloseHandle.WININET(?), ref: 004040D8

Strings

build_id, xrefs: 00403F52
------, xrefs: 00403BF1
hwid, xrefs: 00403E03
", xrefs: 00403E2D
------, xrefs: 00403EAA
!, xrefs: 00404099
", xrefs: 00403F7C
------, xrefs: 00403D5B

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$H_prologlstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
String ID: !$"$"$------$------$------$build_id$hwid
API String ID: 1139859944-3346224549
Opcode ID: d73f38dbe927608ab9ea402c11925cc2cabc379170bec97884acee1ca15903fb
Instruction ID: 489e92a55be8e718c41cf12358fcc240b45c9422e42718dc0d0a46bd63b7c0da
Opcode Fuzzy Hash: d73f38dbe927608ab9ea402c11925cc2cabc379170bec97884acee1ca15903fb
Instruction Fuzzy Hash: A722517280014CEADB05EBE6C986AEEBFB8AF15304F14446EF501732C2DB781B59DB65

Uniqueness

Uniqueness Score: -1.00%

Function 004066F1 Relevance: 33.5, APIs: 22, Instructions: 492
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 004066F6

Part of subcall function 0040E4FC: StrCmpCA.SHLWAPI(?,00406717,?,00406717,00000000), ref: 0040E505

CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00000000,?,00423B7F,00000000), ref: 0040682A

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 0040FAD8: _EH_prolog.MSVCRT ref: 0040FADD
Part of subcall function 0040FAD8: memset.MSVCRT ref: 0040FAFF
Part of subcall function 0040FAD8: OpenProcess.KERNEL32(00001001,00000000,?,?,00000000), ref: 0040FB86
Part of subcall function 0040FAD8: TerminateProcess.KERNEL32(00000000,00000000), ref: 0040FB94
Part of subcall function 0040FAD8: CloseHandle.KERNEL32(00000000), ref: 0040FB9B

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00406A1C
RtlAllocateHeap.NTDLL(00000000), ref: 00406A23
lstrcat.KERNEL32(?,00000000), ref: 00406B41
lstrcat.KERNEL32(?,00423BBC), ref: 00406B4F
lstrcat.KERNEL32(?,00000000), ref: 00406B61
lstrcat.KERNEL32(?,00423BC0), ref: 00406B6F
lstrlen.KERNEL32(?), ref: 00406CB6
lstrlen.KERNEL32(?), ref: 00406CC4

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 00412F70: _EH_prolog.MSVCRT ref: 00412F75
Part of subcall function 00412F70: CreateThread.KERNEL32(00000000,00000000,00411D72,?,00000000,00000000), ref: 0041301B
Part of subcall function 00412F70: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413023

memset.MSVCRT ref: 00406D1C
DeleteFileA.KERNEL32(00000000), ref: 00406D41

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prologlstrcat$Processlstrcpylstrlen$FileHeapmemset$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait
String ID:
API String ID: 36237839-0
Opcode ID: 8bf1e23e095b9cb6b632fcb1a1e4078704d330192dba237c037de93d086178dc
Instruction ID: b1f6e28383e3fff9692a0d78c5777136586142c3e79fd42dd068571671610143
Opcode Fuzzy Hash: 8bf1e23e095b9cb6b632fcb1a1e4078704d330192dba237c037de93d086178dc
Instruction Fuzzy Hash: BE122C71800148EADF05EBA6DD46AEDBB79AF14308F14446EF402731D2EF782B29DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040F242 Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 146
memorycomtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 0040F247
CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,?,?,0042451C,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000), ref: 0040F257
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,?,0042451C), ref: 0040F268
CoCreateInstance.OLE32(00424EE8,00000000,00000001,00424E18,?,?,?,?,?,?,?,0042451C,00000000,?,Work Dir: In memory,00000000), ref: 0040F282
CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,?,?,0042451C,00000000), ref: 0040F2B8
VariantInit.OLEAUT32(?), ref: 0040F313

Part of subcall function 0040F1A8: CoCreateInstance.OLE32(00424C98,00000000,00000001,00424388,00000000,?), ref: 0040F1C8
Part of subcall function 0040F1A8: SysAllocString.OLEAUT32(00000000), ref: 0040F1D6
Part of subcall function 0040F1A8: _wtoi64.MSVCRT ref: 0040F218
Part of subcall function 0040F1A8: SysFreeString.OLEAUT32(?), ref: 0040F22D
Part of subcall function 0040F1A8: SysFreeString.OLEAUT32(00000000), ref: 0040F230

FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,0042451C,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F34A
GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,?,?,?,0042451C,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F356
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,0042451C,00000000,?,Work Dir: In memory,00000000,?,00424504), ref: 0040F35D
VariantClear.OLEAUT32(?), ref: 0040F39F
wsprintfA.USER32 ref: 0040F389

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Strings

ROOT\CIMV2, xrefs: 0040F295
Unknown, xrefs: 0040F3AE
InstallDate, xrefs: 0040F325
%d/%d/%d %d:%d:%d, xrefs: 0040F383
Unknown, xrefs: 0040F3A7
Select * From Win32_OperatingSystem, xrefs: 0040F2C8
WQL, xrefs: 0040F2CD

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prologInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$WQL
API String ID: 3912155974-2016369993
Opcode ID: 480ecd5e6308617b09b7f2bb83f1af69c0fa1306002764de5b093bb9eba1a589
Instruction ID: 8d430aa98e8fbb6da78459b6686bb4d7d24871abc0dfaafc268d7e8e302d3495
Opcode Fuzzy Hash: 480ecd5e6308617b09b7f2bb83f1af69c0fa1306002764de5b093bb9eba1a589
Instruction Fuzzy Hash: 07413B71A01229BBDB20DB96DC49EEF7BBCFF49750F104126F905B6180D7789641CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00404EF2 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 174
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 00404EF7

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00403A07: _EH_prolog.MSVCRT ref: 00403A0C
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A3E
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A47
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A50
Part of subcall function 00403A07: lstrlen.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403A6A
Part of subcall function 00403A07: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403A7A

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F5A
StrCmpCA.SHLWAPI(?), ref: 00404F6E
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404F91
HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00404FC7
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404FEB
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404FF6
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405014
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040509A
InternetCloseHandle.WININET(00000000), ref: 004050A5
InternetCloseHandle.WININET(?), ref: 004050AE
InternetCloseHandle.WININET(?), ref: 004050B7

Strings

ERROR, xrefs: 00405108
GET, xrefs: 00404FBF
ERROR, xrefs: 00405021

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$H_prologOpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 2435781452-2509457195
Opcode ID: 3d4d4fbf26e2ebf7978a75a9513504c8807dfac8bef4b05161d3d4dffaa68466
Instruction ID: 79a678b2a0cc494efcc75dc192dd75b184ed620f9fc102e1b788574175dbcc72
Opcode Fuzzy Hash: 3d4d4fbf26e2ebf7978a75a9513504c8807dfac8bef4b05161d3d4dffaa68466
Instruction Fuzzy Hash: 2C514B72900119AFEF11EFA1DC85EEEBB79EB14704F10446AF901B3291DB785E448BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040F3CB Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 116
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 0040F3D0
CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000,?,00000000), ref: 0040F3E0
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00424504), ref: 0040F3F1
CoCreateInstance.OLE32(00424EE8,00000000,00000001,00424E18,?,?,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000,?,00000000), ref: 0040F40B
CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000), ref: 0040F441
VariantInit.OLEAUT32(?), ref: 0040F490

Part of subcall function 0040F70F: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,0040F4B6,?,?,00000000,?,Work Dir: In memory,00000000,?,00424504,00000000,?,00000000), ref: 0040F717
Part of subcall function 0040F70F: CharToOemW.USER32(?,00000000), ref: 0040F723

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

VariantClear.OLEAUT32(?), ref: 0040F4C4

Strings

Select * From AntiVirusProduct, xrefs: 0040F451
WQL, xrefs: 0040F456
Unknown, xrefs: 0040F4CC
Unknown, xrefs: 0040F4D3
root\SecurityCenter2, xrefs: 0040F41E
displayName, xrefs: 0040F4A2

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InitializeVariant$AllocBlanketCharClearCreateH_prologInitInstanceLocalProxySecuritylstrcpy
String ID: Select * From AntiVirusProduct$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
API String ID: 3694693100-2776955613
Opcode ID: 894f7d78f336269578b6be0df3461f30d148b76dc4dd98a4a7241ccd7c9a342a
Instruction ID: 7c94074b8788e290bbbac647dbb775cc57d783b3226285f7529473d301ade818
Opcode Fuzzy Hash: 894f7d78f336269578b6be0df3461f30d148b76dc4dd98a4a7241ccd7c9a342a
Instruction Fuzzy Hash: D9313A71A41229BBDB20DB91DC49EEF7F78FF49B50F10452AF515B6280C7789601CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040EB55 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 178registrystringCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040EB5A

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,004241CF,00000000,00000000), ref: 0040EBA2
RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 0040EBEC
wsprintfA.USER32 ref: 0040EC16
RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0040EC33
RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 0040EC5D
lstrlen.KERNEL32(?), ref: 0040EC72
RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,?,?,00000000,?,00424200), ref: 0040ECF2

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Strings

- , xrefs: 0040ECFC
?, xrefs: 0040EB98
%s\%s, xrefs: 0040EC10

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: OpenQueryValuelstrcpy$EnumH_prologlstrlenwsprintf
String ID: - $%s\%s$?
API String ID: 404191982-3278919252
Opcode ID: d5c9b3819611949e53c760e709a4fbd40657d89aa9f1208d49f3daee27195a02
Instruction ID: 99bb9dff017734bbee94ef9c19374972677afa949dcf6876cc7056feb3432fab
Opcode Fuzzy Hash: d5c9b3819611949e53c760e709a4fbd40657d89aa9f1208d49f3daee27195a02
Instruction Fuzzy Hash: 9D71077280021DEEDF05EFA2DD84AEEBBBDFF18304F14446AE505B2191DB385A19CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040EFC1 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 123memorystringCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040EFC6
GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,?,00000000), ref: 0040EFE9
GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0040F01B
GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 0040F05E
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 0040F065
wsprintfA.USER32 ref: 0040F091
lstrcat.KERNEL32(00000000,004241A8), ref: 0040F0A0

Part of subcall function 0040EF86: GetCurrentHwProfileA.ADVAPI32(?), ref: 0040EF97

lstrlen.KERNEL32(00000000), ref: 0040F0BF

Part of subcall function 0040FBD6: malloc.MSVCRT ref: 0040FBE4
Part of subcall function 0040FBD6: strncpy.MSVCRT ref: 0040FBF4

lstrcat.KERNEL32(00000000,00000000), ref: 0040F0EC

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Strings

:\, xrefs: 0040F011
C, xrefs: 0040EFF3

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heaplstrcat$AllocCurrentDirectoryH_prologInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
String ID: :\$C
API String ID: 688099012-3309953409
Opcode ID: 0bcebe92465a7a92cbea065f3323c3af507c312008c3df8e97f61e22e3136c30
Instruction ID: 21b1a67321f8a6d24ce454ee99169210ff371cc83a106d68236fb6aef6421878
Opcode Fuzzy Hash: 0bcebe92465a7a92cbea065f3323c3af507c312008c3df8e97f61e22e3136c30
Instruction Fuzzy Hash: 92418E72801159AACB11EBE6DD899EFBBBDEF49304F10087EF401B3141DA384A19CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00411B64 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 116stringCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00411B69

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00404EF2: _EH_prolog.MSVCRT ref: 00404EF7
Part of subcall function 00404EF2: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F5A
Part of subcall function 00404EF2: StrCmpCA.SHLWAPI(?), ref: 00404F6E
Part of subcall function 00404EF2: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404F91
Part of subcall function 00404EF2: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00404FC7
Part of subcall function 00404EF2: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404FEB
Part of subcall function 00404EF2: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404FF6
Part of subcall function 00404EF2: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405014

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00411BEB
lstrlen.KERNEL32(00000000), ref: 00411C02

Part of subcall function 0040F7EF: LocalAlloc.KERNEL32(00000040,00411C18,00000001,00000000,?,00411C17,00000000,00000000), ref: 0040F808

StrStrA.SHLWAPI(00000000,00000000), ref: 00411C29
lstrlen.KERNEL32(00000000), ref: 00411C3E
lstrlen.KERNEL32(00000000), ref: 00411C59

Strings

ERROR, xrefs: 00411C8B
ERROR, xrefs: 00411C7D
ERROR, xrefs: 00411C84
ERROR, xrefs: 00411C69
ERROR, xrefs: 00411BDD

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: HttpInternetlstrcpylstrlen$H_prologOpenRequest$AllocConnectInfoLocalOptionQuerySend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3807055897-1526165396
Opcode ID: 10e399d1f04da16177a1dc4c6de4d81cdc987d3e5c45476915a2faf5dc38b38d
Instruction ID: 41a7fa48013b42fb793d60589e812285dc4a9145a1393323b16df02da28cd504
Opcode Fuzzy Hash: 10e399d1f04da16177a1dc4c6de4d81cdc987d3e5c45476915a2faf5dc38b38d
Instruction Fuzzy Hash: 5141A771901254AACB04FFE2D955BED7BA8EF19308F10446FF905732C1EB785B14C6AA

Uniqueness

Uniqueness Score: -1.00%

Function 00404D92 Relevance: 15.1, APIs: 10, Instructions: 116networkfileCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00404D97

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00403A07: _EH_prolog.MSVCRT ref: 00403A0C
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A3E
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A47
Part of subcall function 00403A07: ??_U@YAPAXI@Z.MSVCRT ref: 00403A50
Part of subcall function 00403A07: lstrlen.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403A6A
Part of subcall function 00403A07: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403A7A

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404DE6
StrCmpCA.SHLWAPI(?), ref: 00404E00
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,-00800100,00000000), ref: 00404E24
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404E45
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00404E6C
InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404E90
CloseHandle.KERNEL32(?,?,00000400), ref: 00404EAA
InternetCloseHandle.WININET(00000000), ref: 00404EB1
InternetCloseHandle.WININET(?), ref: 00404EBA

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$H_prologOpen$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2737972104-0
Opcode ID: a25d67a3a2f3fdfeaba9d8df5627200e159ff2d5a2b49d18510ea29a32385fb9
Instruction ID: 9992f2a2cb445bd017637bb275931e072b683fe6351a7a81dedcbf61475a23e3
Opcode Fuzzy Hash: a25d67a3a2f3fdfeaba9d8df5627200e159ff2d5a2b49d18510ea29a32385fb9
Instruction Fuzzy Hash: 8C4138B2900209ABDB10EFE1DD85EEE7B7DFF44704F10443AFA11B2191D7385A458BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040D2BA Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040D2BF
StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040D300
StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040D375
StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040D491

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 0040CA5F: _EH_prolog.MSVCRT ref: 0040CA64

Part of subcall function 0040A810: _EH_prolog.MSVCRT ref: 0040A815

StrCmpCA.SHLWAPI(00000000), ref: 0040D547
StrCmpCA.SHLWAPI(00000000), ref: 0040D5BB

Strings

Stable\, xrefs: 0040D5FE
Stable\, xrefs: 0040D3B8

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog$lstrcpy
String ID: Stable\$ Stable\
API String ID: 2120869262-4033978473
Opcode ID: 0d37dc93a3ab44cf1acd9cd16f14fc52873d997c91e71b002d2caaf26f4d2e09
Instruction ID: 528cf13577b2f7f329050b7ccef95fe7cac87747c3dc2e9dd2ec3b92d3dc2083
Opcode Fuzzy Hash: 0d37dc93a3ab44cf1acd9cd16f14fc52873d997c91e71b002d2caaf26f4d2e09
Instruction Fuzzy Hash: EFD15271D00248AACF10EBBAD9467DDBFB4AF19304F50846EF84577282DB785718CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0040EEF9 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 42registryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040EF1F
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,NDB,?,?,00000000), ref: 0040EF3B
RegQueryValueExA.KERNEL32(NDB,MachineGuid,00000000,00000000,?,000000FF,?,?,00000000), ref: 0040EF5A
CharToOemA.USER32(?,?), ref: 0040EF77

Strings

NDB, xrefs: 0040EF27, 0040EF60, 0040EF57, 0040EF2A
MachineGuid, xrefs: 0040EF52
SOFTWARE\Microsoft\Cryptography, xrefs: 0040EF31

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CharOpenQueryValuememset
String ID: MachineGuid$NDB$SOFTWARE\Microsoft\Cryptography
API String ID: 1728412123-443910793
Opcode ID: 13e4882eb1125f27dd797c198b71fdf7c31a4107cfe51514bc4cf764ddd0f3a6
Instruction ID: c7b45006bd05bcce8b765a7edbe6677ca4963fc08e8d1b136df89886e47375eb
Opcode Fuzzy Hash: 13e4882eb1125f27dd797c198b71fdf7c31a4107cfe51514bc4cf764ddd0f3a6
Instruction Fuzzy Hash: 6E012C7594021DFFDB10DBA0EC89EEAB77CEB14748F1000A1B145A2052EBB49E998B60

Uniqueness

Uniqueness Score: -1.00%

Function 00406138 Relevance: 10.6, APIs: 7, Instructions: 70filememoryCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040613D
CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406160
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406177
LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406193
ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 004061AD
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 004061C3
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 004061CE

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeH_prologHandleReadSize
String ID:
API String ID: 3869837436-0
Opcode ID: 14799fd20c6eaaff4fd43e91c765d24a78c4929a0e36d0399129c3326377c819
Instruction ID: 4eef68157ad315862bfd7591b0fce14e4dd7968f7242f7c704032396ebb2caca
Opcode Fuzzy Hash: 14799fd20c6eaaff4fd43e91c765d24a78c4929a0e36d0399129c3326377c819
Instruction Fuzzy Hash: 26219F31A00104AFDB209FA5DC89AAF7BB9FF44760F10092AF912F62D1D7349955CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA07 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,00000000,?,Windows: ,00000000,?,0042451C,00000000,?,Work Dir: In memory,00000000,?,00424504), ref: 0040EA15
HeapAlloc.KERNEL32(00000000), ref: 0040EA1C
GlobalMemoryStatusEx.KERNEL32 ref: 0040EA3C
wsprintfA.USER32 ref: 0040EA62

Strings

%d MB, xrefs: 0040EA5C
@, xrefs: 0040EA35

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 3644086013-3474575989
Opcode ID: 0d6f02759f3faad2c4d5b1dc494c944bc3e773da87faed9fee065f8d8b5c4296
Instruction ID: 34444111109be8d414b5ba55085423e125bbd5c149e3b0f9e886c25067a5b7a5
Opcode Fuzzy Hash: 0d6f02759f3faad2c4d5b1dc494c944bc3e773da87faed9fee065f8d8b5c4296
Instruction Fuzzy Hash: 3CF05BB1700204ABE7149BB5DC4AF7E76BDE744705F400529F606E72C0D774DC158769

Uniqueness

Uniqueness Score: -1.00%

Function 004152AA Relevance: 9.4, APIs: 4, Strings: 1, Instructions: 609networksleepCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 004152AF

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 00411F49: _EH_prolog.MSVCRT ref: 00411F4E

Part of subcall function 00411FF8: _EH_prolog.MSVCRT ref: 00411FFD

Part of subcall function 0040E35E: lstrlen.KERNEL32(?,00000000,?,00415304,004244B3,004244B2,00000000,00000000,?,00415CB7), ref: 0040E367
Part of subcall function 0040E35E: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E39B

Part of subcall function 0041608F: GetProcAddress.KERNEL32(74DD0000,004153D3), ref: 004160A3
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004160BA
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004160D1
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004160E8
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004160FF
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 00416116
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 0041612D
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 00416144
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 0041615B
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 00416172
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 00416189
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004161A0
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004161B7
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004161CE
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004161E5
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004161FC
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 00416213
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 0041622A
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 00416241
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 00416258
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 0041626F
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 00416286
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 0041629D
Part of subcall function 0041608F: GetProcAddress.KERNEL32 ref: 004162B4

Part of subcall function 0040F5DE: _EH_prolog.MSVCRT ref: 0040F5E3
Part of subcall function 0040F5DE: GetSystemTime.KERNEL32(?,00424398,00000000,00000001,00000000,004244BE,004244B3,004244B2,00000000,00000000), ref: 0040F623

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 00412358: _EH_prolog.MSVCRT ref: 0041235D

Part of subcall function 00411CE1: _EH_prolog.MSVCRT ref: 00411CE6

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004154DB
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004154F7

Part of subcall function 0040EFC1: _EH_prolog.MSVCRT ref: 0040EFC6
Part of subcall function 0040EFC1: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,?,00000000), ref: 0040EFE9
Part of subcall function 0040EFC1: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0040F01B
Part of subcall function 0040EFC1: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 0040F05E
Part of subcall function 0040EFC1: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 0040F065

Part of subcall function 00403AA8: _EH_prolog.MSVCRT ref: 00403AAD
Part of subcall function 00403AA8: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403B58
Part of subcall function 00403AA8: StrCmpCA.SHLWAPI(?), ref: 00403B6F

Part of subcall function 0041068E: _EH_prolog.MSVCRT ref: 00410693
Part of subcall function 0041068E: StrCmpCA.SHLWAPI(00000000,block,00000000,?,?,00415572), ref: 004106B5
Part of subcall function 0041068E: ExitProcess.KERNEL32 ref: 004106C0

Part of subcall function 00405114: _EH_prolog.MSVCRT ref: 00405119
Part of subcall function 00405114: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004051C4
Part of subcall function 00405114: StrCmpCA.SHLWAPI(?), ref: 004051DB

Part of subcall function 0041017A: _EH_prolog.MSVCRT ref: 0041017F
Part of subcall function 0041017A: strtok_s.MSVCRT ref: 004101A6
Part of subcall function 0041017A: StrCmpCA.SHLWAPI(00000000,00424468,?,?,?,?,00415701), ref: 004101D7
Part of subcall function 0041017A: strtok_s.MSVCRT ref: 00410238

Part of subcall function 00401E78: _EH_prolog.MSVCRT ref: 00401E7D

Part of subcall function 00405114: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405363
Part of subcall function 00405114: HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 0040539A

Part of subcall function 004116B1: _EH_prolog.MSVCRT ref: 004116B6
Part of subcall function 004116B1: strtok_s.MSVCRT ref: 004116DD

Sleep.KERNEL32(000003E8), ref: 004158B0

Part of subcall function 00405114: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004053BF

Part of subcall function 004116B1: strtok_s.MSVCRT ref: 0041171D

Strings

5 Ar A, xrefs: 004153E1

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$H_prolog$Internetlstrcpy$Open$strtok_s$HeapProcesslstrcatlstrlen$AllocConnectDirectoryExitHttpInformationOptionRequestSleepSystemTimeVolumeWindows
String ID: 5 Ar A
API String ID: 3168723216-3291926139
Opcode ID: 86f87955fcc1c16ebec1c5af04fe795e2ce60e0376ce5a452a8983ef4ce18e12
Instruction ID: 3374eb596b5d5a0286ed6da2344d269bd5d9a88185801f0b009e9d551ef1266a
Opcode Fuzzy Hash: 86f87955fcc1c16ebec1c5af04fe795e2ce60e0376ce5a452a8983ef4ce18e12
Instruction Fuzzy Hash: 7C326F71D00258EADF10EBA5CD46BDDBBB8AF19304F5444AEF50473281DB781B588BA7

Uniqueness

Uniqueness Score: -1.00%

Function 00403A07 Relevance: 9.1, APIs: 6, Instructions: 56stringnetworkCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00403A0C
??_U@YAPAXI@Z.MSVCRT ref: 00403A3E
??_U@YAPAXI@Z.MSVCRT ref: 00403A47
??_U@YAPAXI@Z.MSVCRT ref: 00403A50
lstrlen.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403A6A
InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403A7A

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CrackH_prologInternetlstrlen
String ID:
API String ID: 503950642-0
Opcode ID: 5b0f473bc6de785b603484c5dda3f58595e418fb1afa4ba0098c9ca6f55afbf0
Instruction ID: 2f8a022458d13e61e496b472b41c0555fc9e22f0f2bbbfe777871443f4a07e58
Opcode Fuzzy Hash: 5b0f473bc6de785b603484c5dda3f58595e418fb1afa4ba0098c9ca6f55afbf0
Instruction Fuzzy Hash: EB111C71D01218AACB14EFA5D845ADE7F78AF05324F20462AE425E72D0DB789B45CA54

Uniqueness

Uniqueness Score: -1.00%

Function 00406492 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 153libraryCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00406497

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,00000000,?,?,00423B74,?,?,?,00423B6F,00000000), ref: 00406554

Part of subcall function 0040E35E: lstrlen.KERNEL32(?,00000000,?,00415304,004244B3,004244B2,00000000,00000000,?,00415CB7), ref: 0040E367
Part of subcall function 0040E35E: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E39B

SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,00423B78,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00423B73), ref: 004065CC
LoadLibraryA.KERNEL32(00000000), ref: 004065E7

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00406548, 0040654D, 00406567

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$H_prolog$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 757424748-3463377506
Opcode ID: 4839454172695e66329f3c4df5c3fa71ca6b00c885d6233381056ebeb16fa1c7
Instruction ID: 43ce55d3e1cd6bde044dc6bd4eb531da728d52fb991cb47f02cf4b9312dcc2f3
Opcode Fuzzy Hash: 4839454172695e66329f3c4df5c3fa71ca6b00c885d6233381056ebeb16fa1c7
Instruction Fuzzy Hash: 0861C030800544EECB25EFA1DC11AADBF75AF18314F14546EB402332E2DB381A25DB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040B8F5 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040B8FA

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 00406138: _EH_prolog.MSVCRT ref: 0040613D
Part of subcall function 00406138: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406160
Part of subcall function 00406138: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406177
Part of subcall function 00406138: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406193
Part of subcall function 00406138: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 004061AD
Part of subcall function 00406138: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 004061CE

Part of subcall function 0040F7EF: LocalAlloc.KERNEL32(00000040,00411C18,00000001,00000000,?,00411C17,00000000,00000000), ref: 0040F808

StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040B94D

Part of subcall function 004061EF: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004058D6,00000000,00000000), ref: 0040620F
Part of subcall function 004061EF: LocalAlloc.KERNEL32(00000040,004058D6,?,?,004058D6,00000000,?,?), ref: 0040621D
Part of subcall function 004061EF: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004058D6,00000000,00000000), ref: 00406233
Part of subcall function 004061EF: LocalFree.KERNEL32(00000000,?,?,004058D6,00000000,?,?), ref: 00406242

memcmp.MSVCRT ref: 0040B98B

Part of subcall function 00406252: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406275
Part of subcall function 00406252: LocalAlloc.KERNEL32(00000040,?,?), ref: 0040628D
Part of subcall function 00406252: LocalFree.KERNEL32(?), ref: 004062AB

Strings

, xrefs: 0040B9B6
DPAPI, xrefs: 0040B985

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFile$BinaryFreeH_prologString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
String ID: $DPAPI
API String ID: 2477620391-1819349886
Opcode ID: a0337b104d7bdc9eb05821e0783c88bfa9a633a26a112ddf58528968e0daa942
Instruction ID: 5462ebcd07b9b3f23ea230b439bca26bcb77bd97e8f1387946214589f9c78b7e
Opcode Fuzzy Hash: a0337b104d7bdc9eb05821e0783c88bfa9a633a26a112ddf58528968e0daa942
Instruction Fuzzy Hash: DD21A2F2900509ABCF11AB95CD039EFBB79EF04310F15013BFA02B11D1EB39A654C6A9

Uniqueness

Uniqueness Score: -1.00%

Function 0040F12F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413565,00000000,?,Windows: ,00000000,?,0042451C,00000000,?,Work Dir: In memory), ref: 0040F143
HeapAlloc.KERNEL32(00000000,?,?,?,00413565,00000000,?,Windows: ,00000000,?,0042451C,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F14A
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00413565,00000000,?,Windows: ,00000000,?,0042451C,00000000,?), ref: 0040F178
RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00413565,00000000,?,Windows: ,00000000,?,0042451C,00000000), ref: 0040F194

Strings

Windows 11, xrefs: 0040F15B

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID: Windows 11
API String ID: 3676486918-2517555085
Opcode ID: 4c1697d9cb05b4db5057b5077521dec4cac67f92389f3bcf7131b559e4689ecb
Instruction ID: 7bc758894e67b39e7d898eda6472a7f8de8691deac7626c15fb90c1d10f9c35c
Opcode Fuzzy Hash: 4c1697d9cb05b4db5057b5077521dec4cac67f92389f3bcf7131b559e4689ecb
Instruction Fuzzy Hash: 43F04F71640205FBEB245BE1EC0AF6E7A7EEB44B40F105035BA01AA1E0E7B49A159B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040E5D6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,0040E648,0040F157,?,?,?,00413565,00000000,?,Windows: ,00000000), ref: 0040E5EA
HeapAlloc.KERNEL32(00000000,?,?,?,0040E648,0040F157,?,?,?,00413565,00000000,?,Windows: ,00000000,?,0042451C), ref: 0040E5F1
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,0040E648,0040F157,?,?,?,00413565,00000000,?,Windows: ), ref: 0040E60F
RegQueryValueExA.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,0040E648,0040F157,?,?,?,00413565,00000000), ref: 0040E62A

Strings

CurrentBuildNumber, xrefs: 0040E622

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3676486918-1022791448
Opcode ID: 549e49055244fb50ba3e643d806a6003bcdca7952e55b5f0cffcd51b8ddef338
Instruction ID: b7f42767185e9f38a1ff468a9371dc0538b1b369f25423ee430d375e0e4f8806
Opcode Fuzzy Hash: 549e49055244fb50ba3e643d806a6003bcdca7952e55b5f0cffcd51b8ddef338
Instruction Fuzzy Hash: 83F01D71640204FBEB145BA1EC0AF6E7A7DEB44B04F201025FA01A5091EBB559119A68

Uniqueness

Uniqueness Score: -1.00%

Function 0040249B Relevance: 7.5, APIs: 5, Instructions: 39memorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004024B4

Part of subcall function 00402420: memset.MSVCRT ref: 00402445
Part of subcall function 00402420: CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,00000000,00000014,00000000,00000000), ref: 0040246B
Part of subcall function 00402420: CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,?,00000000,00000000,00000000), ref: 00402485

strcat.MSVCRT(?,00000000,?,?,00000000,00000104,00000014), ref: 004024C9
GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,00000014), ref: 004024D4
RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,00000014), ref: 004024DB

Part of subcall function 004022CC: ??_U@YAPAXI@Z.MSVCRT ref: 00402351

memset.MSVCRT ref: 00402504

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: memset$BinaryCryptHeapString$AllocateProcessstrcat
String ID:
API String ID: 3248666761-0
Opcode ID: afdd7b3011673d52c96721e2c9069d36e8a2a3d42a33eac084e48a4c2f8877b8
Instruction ID: 81291bc694c62cd0b743446bc76ae1be4e6ee0c4b5db74b158aaa1b3385ea87d
Opcode Fuzzy Hash: afdd7b3011673d52c96721e2c9069d36e8a2a3d42a33eac084e48a4c2f8877b8
Instruction Fuzzy Hash: 29F031B6D44118BBDB10A7A5DD0AFCA76BC9F14348F0000A6B945F2082D9B4AB948AA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040CD1E Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 457COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040CD23

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

StrCmpCA.SHLWAPI(00000000,Opera GX,00423BF6,00423BF3,?,?,?), ref: 0040CD6D

Part of subcall function 0040F7A3: SHGetFolderPathA.SHELL32(00000000,O<B,00000000,00000000,?), ref: 0040F7D4

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 0040F75F: _EH_prolog.MSVCRT ref: 0040F764
Part of subcall function 0040F75F: GetFileAttributesA.KERNEL32(00000000,?,0040D11E,?,?,?,?), ref: 0040F778

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 0040B8F5: _EH_prolog.MSVCRT ref: 0040B8FA
Part of subcall function 0040B8F5: StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040B94D
Part of subcall function 0040B8F5: memcmp.MSVCRT ref: 0040B98B

Strings

#, xrefs: 0040D231
Opera GX, xrefs: 0040CD55

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog$lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
String ID: #$Opera GX
API String ID: 2375657845-1046280356
Opcode ID: 365c27948030887efd5d28f9d3dad48fd84b568b9db89a3ee69902fb63eb4699
Instruction ID: 34ed864e4e7d28deed13c865a2ed6ebf9a9f8fcae2343485183800af8996532d
Opcode Fuzzy Hash: 365c27948030887efd5d28f9d3dad48fd84b568b9db89a3ee69902fb63eb4699
Instruction Fuzzy Hash: 6C02707180124CEADF04EBE6D946ADEBBB8AF15308F14446EF801732C2DB785B18D766

Uniqueness

Uniqueness Score: -1.00%

Function 1C09FD40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,?), ref: 1C09FE03

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 1C09FE78
winRead, xrefs: 1C09FE3D

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: FileRead
String ID: delayed %dms for lock/sharing conflict at line %d$winRead
API String ID: 2738559852-1843600136
Opcode ID: d6f04aafc23d630eed82af09139a85c4f226c00fc2e4958129a381e02296b2da
Instruction ID: 216b58ef8a43a849dfb4568e1ca9bd69e364cd01a9da821848d0e562c3506f54
Opcode Fuzzy Hash: d6f04aafc23d630eed82af09139a85c4f226c00fc2e4958129a381e02296b2da
Instruction Fuzzy Hash: E14113B2A05345ABD700DE64CD81AAFB7E9FF84210F84092DF948C3651E731F9189BB2

Uniqueness

Uniqueness Score: -1.00%

Function 00411D72 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94stringCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00411D77
lstrlen.KERNEL32(00000000), ref: 00411D94
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00411E58

Strings

ERROR, xrefs: 00411E52

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prologlstrlen
String ID: ERROR
API String ID: 2133942097-2861137601
Opcode ID: 78b53590cb42131a73bc90ee9761f4be8f64d29eee803dc2d75c48913128bc46
Instruction ID: d665764c68c2d683c75a42baa45f0e20be98dba9c60f49559ed6524b1d272c93
Opcode Fuzzy Hash: 78b53590cb42131a73bc90ee9761f4be8f64d29eee803dc2d75c48913128bc46
Instruction Fuzzy Hash: DB318571900148AFCB00EFAAD946ADD7FB4AF15318F10846EF905B7292D7389658C795

Uniqueness

Uniqueness Score: -1.00%

Function 00411A77 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00411A7C

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00404EF2: _EH_prolog.MSVCRT ref: 00404EF7
Part of subcall function 00404EF2: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F5A
Part of subcall function 00404EF2: StrCmpCA.SHLWAPI(?), ref: 00404F6E
Part of subcall function 00404EF2: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404F91
Part of subcall function 00404EF2: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00404FC7
Part of subcall function 00404EF2: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404FEB
Part of subcall function 00404EF2: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404FF6
Part of subcall function 00404EF2: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405014

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00411ADA

Strings

ERROR, xrefs: 00411AC8
ERROR, xrefs: 00411B02

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: HttpInternet$H_prologOpenRequest$ConnectInfoOptionQuerySendlstrcpy
String ID: ERROR$ERROR
API String ID: 1120091252-2579291623
Opcode ID: bbbad24492610d03f9cb6a343405c04e3a04baa2e778640e1f0c8b307578df75
Instruction ID: c10f265733079788ce1beb020a6bc8157ba9384e6cd0facc98e36d473c363c30
Opcode Fuzzy Hash: bbbad24492610d03f9cb6a343405c04e3a04baa2e778640e1f0c8b307578df75
Instruction Fuzzy Hash: CD213D74904148EEDB00FFE6C556BDD7BB4AF14308F5044AEE945A3282DB78AB18C766

Uniqueness

Uniqueness Score: -1.00%

Function 00412F70 Relevance: 6.1, APIs: 4, Instructions: 76sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00412F75

Part of subcall function 00411EAC: _EH_prolog.MSVCRT ref: 00411EB1

Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 00412FF9
CreateThread.KERNEL32(00000000,00000000,00411D72,?,00000000,00000000), ref: 0041301B
WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413023

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog$CreateObjectSingleSleepThreadWait
String ID:
API String ID: 2678630583-0
Opcode ID: 298882296a7955a9a225d578641df3838ff13dc64488900d3e042fe5a5ecd721
Instruction ID: 09c2a2700ced1d728891672dfd0f8811e0d164b67028549265d68e94afb5f6b6
Opcode Fuzzy Hash: 298882296a7955a9a225d578641df3838ff13dc64488900d3e042fe5a5ecd721
Instruction Fuzzy Hash: 2A317376800248EFCB01DFE5C985ADD7BB8FF08314F10442EF806A3281DB789A89CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0040E89E Relevance: 6.0, APIs: 4, Instructions: 35memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413A8A,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,004245CC), ref: 0040E8B2
HeapAlloc.KERNEL32(00000000,?,?,?,00413A8A,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,004245CC,00000000,?), ref: 0040E8B9
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00413A8A,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?), ref: 0040E8D7
RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00413A8A,00000000,?,Processor: ,00000000,?,[Hardware],00000000), ref: 0040E8F3

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID:
API String ID: 3676486918-0
Opcode ID: 9faebf2de75bf63b99fbadaceea92aed034a018285eddf57d64b14fdac7aec56
Instruction ID: 59302f8f08e84b6e53205e23179ccb4f2d667525b456669fd9439546fa12dc8f
Opcode Fuzzy Hash: 9faebf2de75bf63b99fbadaceea92aed034a018285eddf57d64b14fdac7aec56
Instruction Fuzzy Hash: A6F05E76640204FFEB149FA1EC0EFAE7A7EEB84B04F101025FB01A61A0D7B19911DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041086E Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 691COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00410873

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

CreateDirectoryA.KERNEL32(00000000,00000000,00000000,?,?,00424684,?,?,?,00000000,?,?,00424680,?,?,?), ref: 00410FD0

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 00404D92: _EH_prolog.MSVCRT ref: 00404D97
Part of subcall function 00404D92: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404DE6
Part of subcall function 00404D92: StrCmpCA.SHLWAPI(?), ref: 00404E00
Part of subcall function 00404D92: InternetOpenUrlA.WININET(?,00000000,00000000,00000000,-00800100,00000000), ref: 00404E24
Part of subcall function 00404D92: CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404E45
Part of subcall function 00404D92: InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404E90
Part of subcall function 00404D92: CloseHandle.KERNEL32(?,?,00000400), ref: 00404EAA
Part of subcall function 00404D92: InternetCloseHandle.WININET(00000000), ref: 00404EB1
Part of subcall function 00404D92: InternetCloseHandle.WININET(?), ref: 00404EBA

Part of subcall function 00404D92: WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00404E6C

Strings

E, xrefs: 00411177

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prologInternetlstrcpy$CloseFileHandle$CreateOpenlstrcat$DirectoryReadWritelstrlen
String ID: E
API String ID: 2172055965-3568589458
Opcode ID: 4c0029da599ed2ac816204df3927d9b291426cbf73a4ffcbe4c4b9897c5ed7a5
Instruction ID: c4efe4efdfaad88b00d563889e55045131ebd4388e9f9190f6b0678513af584d
Opcode Fuzzy Hash: 4c0029da599ed2ac816204df3927d9b291426cbf73a4ffcbe4c4b9897c5ed7a5
Instruction Fuzzy Hash: 26626C31801288EADF05EBE6D955BDCBFB46F29308F1444AEE445732C2DB781B18DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00401043 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

Part of subcall function 0040E683: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,0040104D,HAL9TH,00415B49), ref: 0040E68F
Part of subcall function 0040E683: HeapAlloc.KERNEL32(00000000,?,?,0040104D,HAL9TH,00415B49), ref: 0040E696
Part of subcall function 0040E683: GetComputerNameA.KERNEL32(00000000,?), ref: 0040E6AA

Part of subcall function 0040E651: GetProcessHeap.KERNEL32(00000000,00000104,00000000,HAL9TH,?,00401063,JohnDoe,00415B49), ref: 0040E65D
Part of subcall function 0040E651: HeapAlloc.KERNEL32(00000000,?,00401063,JohnDoe,00415B49), ref: 0040E664
Part of subcall function 0040E651: GetUserNameA.ADVAPI32(00000000,?), ref: 0040E678

ExitProcess.KERNEL32 ref: 00401070

Strings

JohnDoe, xrefs: 00401059
HAL9TH, xrefs: 00401043

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID: HAL9TH$JohnDoe
API String ID: 1004333139-3469431008
Opcode ID: c325a229e93f0b281faee4112369322461e72d20a9d288c4c314f514dd301ac1
Instruction ID: 2ef834e29eece2a673e7f1ed4b69fc1af26aeea72df36d94ee3d5202348ae326
Opcode Fuzzy Hash: c325a229e93f0b281faee4112369322461e72d20a9d288c4c314f514dd301ac1
Instruction Fuzzy Hash: 97D05E61A8474210ED3436B2780AD1612884C20768360093BB002F19C6ED7E8490006C

Uniqueness

Uniqueness Score: -1.00%

Function 00407147 Relevance: 4.7, APIs: 3, Instructions: 231stringCOMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040714C

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

lstrlen.KERNEL32(00000000), ref: 00407383
lstrlen.KERNEL32(00000000), ref: 00407397

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 00412F70: _EH_prolog.MSVCRT ref: 00412F75
Part of subcall function 00412F70: CreateThread.KERNEL32(00000000,00000000,00411D72,?,00000000,00000000), ref: 0041301B
Part of subcall function 00412F70: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413023

Part of subcall function 004010D8: _EH_prolog.MSVCRT ref: 004010DD

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog$lstrcpy$lstrlen$lstrcat$CreateObjectSingleThreadWait
String ID:
API String ID: 3193997572-0
Opcode ID: 686b5e08ec1518f19b5cfc0172cce503a6c00adae9226d5b486b1620cefd56ba
Instruction ID: 2db634f6e4f8391188817ca8b70ad80a656b740c6967db4882bbb68c6e89a19d
Opcode Fuzzy Hash: 686b5e08ec1518f19b5cfc0172cce503a6c00adae9226d5b486b1620cefd56ba
Instruction Fuzzy Hash: 34A18431804148EADF09EBE6D955BDDBBB4AF18308F54446EF405732C2DB782B18DB26

Uniqueness

Uniqueness Score: -1.00%

Function 0040FA83 Relevance: 4.5, APIs: 3, Instructions: 28COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,00413480), ref: 0040FA9B
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0040FAB6
CloseHandle.KERNEL32(00000000), ref: 0040FABD

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: f8103156aad628352d265fe4394452c368a59e008b91e0c9a691aedd6324bf5a
Instruction ID: 9fa8da15bc1bd996d1c6d90f9597c2e1419af83dcafec2f5f0315d7c757bc199
Opcode Fuzzy Hash: f8103156aad628352d265fe4394452c368a59e008b91e0c9a691aedd6324bf5a
Instruction Fuzzy Hash: 52F03076901228BBDB20AB50DC09FD97B69AF04755F004061FA45A61D0DBB49A848BD8

Uniqueness

Uniqueness Score: -1.00%

Function 0040E683 Relevance: 4.5, APIs: 3, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,0040104D,HAL9TH,00415B49), ref: 0040E68F
HeapAlloc.KERNEL32(00000000,?,?,0040104D,HAL9TH,00415B49), ref: 0040E696
GetComputerNameA.KERNEL32(00000000,?), ref: 0040E6AA

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: b83d286ff64a099836f19afa592c91b9195e3a8c7a744618c8208ad52fbd73d1
Instruction ID: 557862b87a92863bd0aefa927051c0b0989c03f65f9f1febeffc8aa881e0f0b8
Opcode Fuzzy Hash: b83d286ff64a099836f19afa592c91b9195e3a8c7a744618c8208ad52fbd73d1
Instruction Fuzzy Hash: FBE08CB1700204ABE7109BAAAC0DF9AB6ECEB84745F400036F602D2291DAB489018628

Uniqueness

Uniqueness Score: -1.00%

Function 0040A810 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040A815

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 0040F7A3: SHGetFolderPathA.SHELL32(00000000,O<B,00000000,00000000,?), ref: 0040F7D4

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 0040F75F: _EH_prolog.MSVCRT ref: 0040F764
Part of subcall function 0040F75F: GetFileAttributesA.KERNEL32(00000000,?,0040D11E,?,?,?,?), ref: 0040F778

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 0041086E: _EH_prolog.MSVCRT ref: 00410873

Part of subcall function 00406492: _EH_prolog.MSVCRT ref: 00406497
Part of subcall function 00406492: GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,00000000,?,?,00423B74,?,?,?,00423B6F,00000000), ref: 00406554
Part of subcall function 00406492: SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,00423B78,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00423B73), ref: 004065CC
Part of subcall function 00406492: LoadLibraryA.KERNEL32(00000000), ref: 004065E7

Part of subcall function 004093C1: _EH_prolog.MSVCRT ref: 004093C6
Part of subcall function 004093C1: FindFirstFileA.KERNEL32(00000000,?,00000000,?,00423DD4,?,?,00423BD2,00000000), ref: 00409443
Part of subcall function 004093C1: StrCmpCA.SHLWAPI(?,00423DD8), ref: 00409460
Part of subcall function 004093C1: StrCmpCA.SHLWAPI(?,00423DDC), ref: 0040947A
Part of subcall function 004093C1: StrCmpCA.SHLWAPI(?,00000000,?,?,?,00423DE0,?,?,00423BD3), ref: 00409511

Part of subcall function 004066E4: FreeLibrary.KERNEL32(0040A9FA), ref: 004066EA

Strings

\..\, xrefs: 0040A8DB

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog$lstrcpy$EnvironmentFileLibraryVariablelstrcat$AttributesFindFirstFolderFreeLoadPathlstrlen
String ID: \..\
API String ID: 2661990186-4220915743
Opcode ID: e0c41eb1485d981a691e7cc9249337549ce86ce46f790e81e161a8a06c85b492
Instruction ID: c9b8218839ee67037faa05465a27bbd49f7b352c94817c32eda783aedc932c4c
Opcode Fuzzy Hash: e0c41eb1485d981a691e7cc9249337549ce86ce46f790e81e161a8a06c85b492
Instruction Fuzzy Hash: 4E616F71C01248EACB05FBE6C546BDDBFB86F18308F14446EE845732C2EB785718C6AA

Uniqueness

Uniqueness Score: -1.00%

Function 00405D46 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000002,00000002,?,00000000,?,?,00405E75), ref: 00405DC5

Strings

, xrefs: 00405D98

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: a9ca3820c71c3eda37ba079eb7877add819211e6f4f865b059153334e2d250ef
Instruction ID: cee62a71552f9d0dad0b6714305bc6c0a244a081a93a829b40d8518b33be5322
Opcode Fuzzy Hash: a9ca3820c71c3eda37ba079eb7877add819211e6f4f865b059153334e2d250ef
Instruction Fuzzy Hash: 3D115B7150190AEBEB60CF9485487ABB6A5FF04340F6084279942E22C0C7789A41DF69

Uniqueness

Uniqueness Score: -1.00%

Function 0040F7A3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,O<B,00000000,00000000,?), ref: 0040F7D4

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Strings

O<B, xrefs: 0040F7D0

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID: O<B
API String ID: 1699248803-1873169068
Opcode ID: 8cf3e5411f5412c3d29d0bc09b79c54d7594f1da92bb46549c9b8e78b8a74386
Instruction ID: 45e6c66cee0d393bbb3ccfbecb5adc22dc475a6df9d0c134277c29a1610a0002
Opcode Fuzzy Hash: 8cf3e5411f5412c3d29d0bc09b79c54d7594f1da92bb46549c9b8e78b8a74386
Instruction Fuzzy Hash: 22F01CB590014CABDB11DF64C8909EDB7FDEBC8700F10C5AAA90593280D6309F469B50

Uniqueness

Uniqueness Score: -1.00%

Function 0040EF86 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 0040EF97

Strings

Unknown, xrefs: 0040EFAA

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: 6a5c29231768e02ec54d7e71c5f3ded4356e949e652b53887adf4e8dc1d825f2
Instruction ID: dcaad79bc021bc7f3acda73ba1a55b24e0372051eba70068b5ae00655755aee4
Opcode Fuzzy Hash: 6a5c29231768e02ec54d7e71c5f3ded4356e949e652b53887adf4e8dc1d825f2
Instruction Fuzzy Hash: 76E0EC71A0010AEBDB10DBA6E845FA977ACAB04348F54846AF801A7281DA78D519DB69

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C04D1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

failed to allocate %u bytes of memory, xrefs: 1C0C04E7

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: failed to allocate %u bytes of memory
API String ID: 0-1168259600
Opcode ID: e6d2c4bfa51d8498add30b3efe9fe68915fb04e6c1ad4b70b869e16563618274
Instruction ID: f9fa242457f05d9e0e0d6e0cc67bcf5b23d2091e19fcf8135885a1c86dc254ba
Opcode Fuzzy Hash: e6d2c4bfa51d8498add30b3efe9fe68915fb04e6c1ad4b70b869e16563618274
Instruction Fuzzy Hash: 6CC01266F8C22263D61151D0AC01BCE79D14BA0691F064574FD4C59220D555B895A7E6

Uniqueness

Uniqueness Score: -1.00%

Function 0040F75F Relevance: 3.0, APIs: 2, Instructions: 23COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040F764
GetFileAttributesA.KERNEL32(00000000,?,0040D11E,?,?,?,?), ref: 0040F778

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AttributesFileH_prolog
String ID:
API String ID: 3244726999-0
Opcode ID: 6f00de53327e1575e3fd9b3adeca56bb0ef3e21a75ba924ab05cb97eefee5d2f
Instruction ID: bf31c61f93718621c586fb5ee84d7f60d8da8a4487b707c6ecbf40584ea00f83
Opcode Fuzzy Hash: 6f00de53327e1575e3fd9b3adeca56bb0ef3e21a75ba924ab05cb97eefee5d2f
Instruction Fuzzy Hash: 88E09271900514ABCB14EFA9D8411DD7720EF057A4F50CA3FFC22B36D0DB389A068689

Uniqueness

Uniqueness Score: -1.00%

Function 00405A30 Relevance: 2.6, APIs: 2, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,?,00000000,?,?,00405E32,00000000,00000000), ref: 00405A8F
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,00000000,?,?,00405E32,00000000,00000000), ref: 00405ABB

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 13952f3c5282676e9fff2e4139e34abb68a3afbd7b4b0673f58908b5c203bd9e
Instruction ID: e70a3417a4082e47c5cc675eccf9baa03e5a1765de93523d1ed94c5c1dee212e
Opcode Fuzzy Hash: 13952f3c5282676e9fff2e4139e34abb68a3afbd7b4b0673f58908b5c203bd9e
Instruction Fuzzy Hash: C1218E71700B059BC724CFB4CD85BABB7F5EB40714F24492AE51AE7290D279AD40CF18

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA5F Relevance: 1.7, APIs: 1, Instructions: 223COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040CA64

Part of subcall function 0040E2EA: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E314

Part of subcall function 0040F7A3: SHGetFolderPathA.SHELL32(00000000,O<B,00000000,00000000,?), ref: 0040F7D4

Part of subcall function 0040E3EF: _EH_prolog.MSVCRT ref: 0040E3F4
Part of subcall function 0040E3EF: lstrcpy.KERNEL32(00000000), ref: 0040E440
Part of subcall function 0040E3EF: lstrcat.KERNEL32(?,?), ref: 0040E44A

Part of subcall function 0040E3A8: lstrcpy.KERNEL32(00000000,?), ref: 0040E3E1

Part of subcall function 0040E463: _EH_prolog.MSVCRT ref: 0040E468
Part of subcall function 0040E463: lstrlen.KERNEL32(?,00000000,00000014,?,?,00415C39,?,?,00424A48,?,00000000,004244C3), ref: 0040E490
Part of subcall function 0040E463: lstrcpy.KERNEL32(00000000), ref: 0040E4B7
Part of subcall function 0040E463: lstrcat.KERNEL32(?,?), ref: 0040E4C2

Part of subcall function 0040E321: lstrcpy.KERNEL32(00000000,FEF4858D), ref: 0040E347

Part of subcall function 0040F75F: _EH_prolog.MSVCRT ref: 0040F764
Part of subcall function 0040F75F: GetFileAttributesA.KERNEL32(00000000,?,0040D11E,?,?,?,?), ref: 0040F778

Part of subcall function 00401128: _EH_prolog.MSVCRT ref: 0040112D

Part of subcall function 0040B8F5: _EH_prolog.MSVCRT ref: 0040B8FA
Part of subcall function 0040B8F5: StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040B94D
Part of subcall function 0040B8F5: memcmp.MSVCRT ref: 0040B98B

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog$lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
String ID:
API String ID: 2375657845-0
Opcode ID: 4597e9f492b4abec28de3f8be5e0d609f2bc0f875424d102e088936dfb669a81
Instruction ID: 309d288b9ccc134c4f2c4fad64900418b064d3a2b89e9a0470d2305c40c458cb
Opcode Fuzzy Hash: 4597e9f492b4abec28de3f8be5e0d609f2bc0f875424d102e088936dfb669a81
Instruction Fuzzy Hash: 5D915371C04248EADF01EBE6C946ADEBFB8AF15304F14456EE805732C2DB786718C766

Uniqueness

Uniqueness Score: -1.00%

Function 004022CC Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00402351

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d50d11f332d6a377c3f8add0ff253d87510b3e7d06e0d9eca9cc1a03079b34c
Instruction ID: 2328445efe7ab2f58eb15f40147bb64acd6b7df007c89a747e70fe0b03bcf46e
Opcode Fuzzy Hash: 1d50d11f332d6a377c3f8add0ff253d87510b3e7d06e0d9eca9cc1a03079b34c
Instruction Fuzzy Hash: 624112715002299FCB11CF69D8806ED7BB1FF89318F1484BADD55EB391D2786E82CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00405DE6 Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51cafca5650e2118d254ae9eefb3e2f5288941b44b5279c34b8c0c76604affb9
Instruction ID: bebd83ccdab7e7645d1c2bd5a0387410984b3a34777dd0c5b6702729d22ebb59
Opcode Fuzzy Hash: 51cafca5650e2118d254ae9eefb3e2f5288941b44b5279c34b8c0c76604affb9
Instruction Fuzzy Hash: 65414571A0060AAFCF24AF94C9809AFBBB1EB44314F10447FE915B73D1D6389A408F98

Uniqueness

Uniqueness Score: -1.00%

Function 0040F7EF Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00411C18,00000001,00000000,?,00411C17,00000000,00000000), ref: 0040F808

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 809bd9db62f843099d219f587c5f1b217cf4d34188a8969acdfecfbe07a78063
Instruction ID: 22e1c66203287f6fd8eee1415e23343aff34f20db5efb21ad28aca308324e2b2
Opcode Fuzzy Hash: 809bd9db62f843099d219f587c5f1b217cf4d34188a8969acdfecfbe07a78063
Instruction Fuzzy Hash: 74F0EC376016145BCB325D6998005AB775AEBC5F61B08C17BDE44AB784C735EC0642E4

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 1C1D0480 Relevance: 30.2, APIs: 8, Strings: 9, Instructions: 476COMMON

Download Yara Rule

Strings

cach, xrefs: 1C1D082B
invalid uri authority: %.*s, xrefs: 1C1D05C2
lhos, xrefs: 1C1D05A1
mode, xrefs: 1C1D0867
loca, xrefs: 1C1D0598
%s mode not allowed: %s, xrefs: 1C1D09EC
no such %s mode: %s, xrefs: 1C1D0922
file, xrefs: 1C1D04DA
no such vfs: %s, xrefs: 1C1D099A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s mode not allowed: %s$cach$file$invalid uri authority: %.*s$lhos$loca$mode$no such %s mode: %s$no such vfs: %s
API String ID: 0-1127695371
Opcode ID: 95c6ceaca7fc849d8c607eb063cb5eb2d8df9cf4ed4c00c80c2b0ad38f3ceac9
Instruction ID: 9cb478ef77c152b302fe07078e49678557190ef6cdb01908fe8d21de24eb9235
Opcode Fuzzy Hash: 95c6ceaca7fc849d8c607eb063cb5eb2d8df9cf4ed4c00c80c2b0ad38f3ceac9
Instruction Fuzzy Hash: 71F178709883828FE7158E15C59837B7BE2AFC6394F56075CE8D90B282D736D44ACB72

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B8680 Relevance: 28.6, APIs: 9, Strings: 7, Instructions: 550COMMON

Download Yara Rule

Strings

recursively defined fts5 content table, xrefs: 1C0B86C5
parse error in rank function: %s, xrefs: 1C0B97FF
, xrefs: 1C0B9848
ASC, xrefs: 1C0B98BA
DESC, xrefs: 1C0B98C2, 1C0B98D6
%s: table does not support scanning, xrefs: 1C0B9979
SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s, xrefs: 1C0B98F1

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: $%s: table does not support scanning$ASC$DESC$SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s$parse error in rank function: %s$recursively defined fts5 content table
API String ID: 0-2381147695
Opcode ID: 2e718a3451cc96553840c2aaf4cefb5a37520b37327d1bd2f23131ef989fcc29
Instruction ID: 2bc1c6dea9aa177c4d220216a251eec7becbddad0c91a49d2a676217a6043a66
Opcode Fuzzy Hash: 2e718a3451cc96553840c2aaf4cefb5a37520b37327d1bd2f23131ef989fcc29
Instruction Fuzzy Hash: DE22EFB9900391DFDB04CF25C880BAABBF4BF49304F154629FC89AB250E735E945CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 1C1BD9E0 Relevance: 23.3, APIs: 8, Strings: 5, Instructions: 564COMMON

Download Yara Rule

Strings

API called with NULL prepared statement, xrefs: 1C1BDA9B, 1C1BDDFE
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1BDACC, 1C1BDE2F
API called with finalized prepared statement, xrefs: 1C1BDAB0, 1C1BDE13
%s at line %d of [%.10s], xrefs: 1C1BDADB, 1C1BDE3E
misuse, xrefs: 1C1BDAD6, 1C1BDE39

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: dd836131d2abef767eab911419429769e6077dae342030b261c940bbf9742dd6
Instruction ID: c6826c2f4d3977e2a4009f663849425702fc60656b3bc02bca7e515921d99d7c
Opcode Fuzzy Hash: dd836131d2abef767eab911419429769e6077dae342030b261c940bbf9742dd6
Instruction Fuzzy Hash: AA1212B49847419BE320AF21CD44B9777F4AF45318F40062CE899A6286E77AF409CFB7

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A66C0 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 416COMMON

Download Yara Rule

Strings

_shape does not contain a valid polygon, xrefs: 1C0A6816

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: _shape does not contain a valid polygon
API String ID: 0-1814939628
Opcode ID: adbc1c6fa5ce30c38a70e48c0d953ea692461e76464360a4336d0eb17bfaf0f3
Instruction ID: 0a5795df9cbe483adbfe6590d38476cb8241f6ffb4bf75154292fce47378dc18
Opcode Fuzzy Hash: adbc1c6fa5ce30c38a70e48c0d953ea692461e76464360a4336d0eb17bfaf0f3
Instruction Fuzzy Hash: 1DE1BBB59043019BD300DF65CC40A5FBBF8AFC8710F144A2DF99997251E732E94ACBA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BB400 Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 367COMMON

Download Yara Rule

Strings

SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s, xrefs: 1C0BB696
ASC, xrefs: 1C0BB651, 1C0BB678
DESC, xrefs: 1C0BB656, 1C0BB65E, 1C0BB67D, 1C0BB685
SELECT %s ORDER BY rowid %s, xrefs: 1C0BB665

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: ASC$DESC$SELECT %s ORDER BY rowid %s$SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
API String ID: 0-3496276579
Opcode ID: 9b71ac976470ed569491d1bb4d7772ce38b5070b58fe2f49fd9e3373c0abf6c1
Instruction ID: ab60a3016ef54585aaa25b0b8bd3cb0821f47298f7b2d78fd54ddee3029a8fea
Opcode Fuzzy Hash: 9b71ac976470ed569491d1bb4d7772ce38b5070b58fe2f49fd9e3373c0abf6c1
Instruction Fuzzy Hash: B8C11479500B419FD721CF25D8407ABB7E4FF44310F144A2EE89AA6A40E73AFA49C776

Uniqueness

Uniqueness Score: -1.00%

Function 1C10DB10 Relevance: 18.3, APIs: 12, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72c58fc91fa44996fee067150e336956741ba7fb5d9649a636e25de337c0c5e6
Instruction ID: d15bb0b9c55a64160584b8c6084a57365a81f5598ab2cd183d78554da8a61746
Opcode Fuzzy Hash: 72c58fc91fa44996fee067150e336956741ba7fb5d9649a636e25de337c0c5e6
Instruction Fuzzy Hash: DB81F175644301ABE310EF68CD80BAFB3E9EF84314F84092CF98597240E675F9198BA7

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C0FB0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

e, xrefs: 1C0C115A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
Instruction ID: 9c6fce63315be60ea247fa8de12fe21c5445078eba2715b6a23b37872ec45b47
Opcode Fuzzy Hash: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
Instruction Fuzzy Hash: EF5134B23042419FEB04CE69CC80BABB7E4EF85312F2005AEF88586551E771F858DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 1C10DFC0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 131COMMON

Download Yara Rule

Strings

%lld %lld, xrefs: 1C10E055

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %lld %lld
API String ID: 0-3794783949
Opcode ID: 8264ad879be96f34539e22b21ebf58cc74c47e542302f8110274c2706e1eeaae
Instruction ID: 056e0905facdabbc988df087d30c18c4c315c03ef12e0bf8fd33fe3f4b5fe4a7
Opcode Fuzzy Hash: 8264ad879be96f34539e22b21ebf58cc74c47e542302f8110274c2706e1eeaae
Instruction Fuzzy Hash: 593125B5341200BBE6119B698D05FAB77FADF81710F10441CFA85A3291E772E8259BBA

Uniqueness

Uniqueness Score: -1.00%

Function 1C1B14D0 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 360COMMON

Download Yara Rule

Strings

API called with NULL prepared statement, xrefs: 1C1B1571
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1B15A2
API called with finalized prepared statement, xrefs: 1C1B1586
%s at line %d of [%.10s], xrefs: 1C1B15B1
misuse, xrefs: 1C1B15AC

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: abdeb566860163767b2159a3397a353dca9badb0773de65f5f4ae15c0b9d530f
Instruction ID: c02d7fcd9d7f43d4f85e69f4baac9eb2df39a54afcec05d82e2cb273581eae01
Opcode Fuzzy Hash: abdeb566860163767b2159a3397a353dca9badb0773de65f5f4ae15c0b9d530f
Instruction Fuzzy Hash: 13C167B5A803419BE7208FA5CD44B9777F4BF00314F26062CE88AA7241E775E459CFB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C1BD4F0 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 310COMMON

Download Yara Rule

Strings

API called with NULL prepared statement, xrefs: 1C1BD5AC
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1BD5DD
API called with finalized prepared statement, xrefs: 1C1BD5C1
%s at line %d of [%.10s], xrefs: 1C1BD5EC
misuse, xrefs: 1C1BD5E7

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 829c40cc7714791f34bb843e565b2d3aceddbedec9d3ef6879274618db107fd4
Instruction ID: 2d3849b0173b67ecd511159cf2e8639712845ecfface0e97c8a2589fbc19a949
Opcode Fuzzy Hash: 829c40cc7714791f34bb843e565b2d3aceddbedec9d3ef6879274618db107fd4
Instruction Fuzzy Hash: B3B1DFB49407029FE314AF25C984B9777F4AF44318F40462CE89AAB245E776E44ACFB7

Uniqueness

Uniqueness Score: -1.00%

Function 1C174D40 Relevance: 14.0, APIs: 9, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab3d73a27295613e58e72ca6469789c412f75c9394a31962ec0a1c1236e0108
Instruction ID: 8360d82ae5c34252d1d2e26e304d58332dcb096b2353ee379ca2cfdbe7b04701
Opcode Fuzzy Hash: 6ab3d73a27295613e58e72ca6469789c412f75c9394a31962ec0a1c1236e0108
Instruction Fuzzy Hash: 23F103B0A40352DBD700DF69CD88A6B77F8EF91315F14062CEC5982281EB75E949CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C108200 Relevance: 14.0, APIs: 9, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ad529efc43b12dc61b3429512f544fa71ad32e92e8dcebfc08b0f8833f970f
Instruction ID: b83104b466551d3ada06c88e324675c28df70d99ddb0bfe3f7470e3320f3a04b
Opcode Fuzzy Hash: 37ad529efc43b12dc61b3429512f544fa71ad32e92e8dcebfc08b0f8833f970f
Instruction Fuzzy Hash: A402C2B2948351EBE7108F64C984B5BB7F8BF88354F044A2DFD8997250D735E864CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1C145940 Relevance: 12.4, APIs: 8, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b2a792f918ff64e6ec98c272d3dbdf1f7a5a918bda93c14255c2338d0fb768c
Instruction ID: 00995eea99d2276547d2792b0b0641b66b8f3ee5c8aaf0ce32988f041648b514
Opcode Fuzzy Hash: 2b2a792f918ff64e6ec98c272d3dbdf1f7a5a918bda93c14255c2338d0fb768c
Instruction Fuzzy Hash: E6C16CB6E983415FF7009A18CC817DB7795EF92310FB8062EE48987752E329E549C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 1C1351D0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 141COMMON

Download Yara Rule

Strings

, xrefs: 1C135334
REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 1C135264

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: $REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
API String ID: 0-69911113
Opcode ID: b8e406a8bbd5769eb884cc880909a4ef5a009f2372716620f72aeaeca23e226e
Instruction ID: 6b65ec290d1a22f09e095d3ea804af970e1f1fc1bd497616a6aafdb868f8c2a2
Opcode Fuzzy Hash: b8e406a8bbd5769eb884cc880909a4ef5a009f2372716620f72aeaeca23e226e
Instruction Fuzzy Hash: 0B41C1B5A00301EFE700DF29CD80B5AB7E5FF88759F055528F988AB211D771E914CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C16D610 Relevance: 10.6, APIs: 7, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
Instruction ID: 8b027a15f637f693e4aeb760771bbc91dd41b4e6710d0bccd7f04501de94b293
Opcode Fuzzy Hash: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
Instruction Fuzzy Hash: 844104B56407129BDB00EF25CD80A9BB7E8FF44314F40462CF85886610E771F96ADBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0F4760 Relevance: 9.4, APIs: 6, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cd44e4e9c4c726c9a6d1497d6ac824e42cacc9d78abb89edd0865aa3e163aa2
Instruction ID: 286285776d506e90201debb3e64802817a3d5942ca44e3f64b141beed9beb23a
Opcode Fuzzy Hash: 0cd44e4e9c4c726c9a6d1497d6ac824e42cacc9d78abb89edd0865aa3e163aa2
Instruction Fuzzy Hash: D4F1A1B1A05355DFD300CFA8C88465AB7F4BF94304F165A2DFC8997211E771E988CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A4820 Relevance: 9.3, APIs: 6, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8de62a79ee6ad9b39d5fa5fa21a7866931d2f2e38d6740c20c284de5bac61066
Instruction ID: 01959cef4a06d1d37ce8a775127b9f85712bb0a6eac33fd8e887408b7b6430d3
Opcode Fuzzy Hash: 8de62a79ee6ad9b39d5fa5fa21a7866931d2f2e38d6740c20c284de5bac61066
Instruction Fuzzy Hash: E0B1CDB4914742AFD300CF66C884B5BB7F8BF99304F009A19F85996240E774E499CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A5C70 Relevance: 9.1, APIs: 6, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
Instruction ID: ae5c1b887cf1c0c0bccdb62d50587b02e8021f2a8c51c4531133acedf5387d39
Opcode Fuzzy Hash: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
Instruction Fuzzy Hash: 14410EB5204701AFEB14DF98C884FA6B7E4FF88310F20456AE9958B691E772F855CB70

Uniqueness

Uniqueness Score: -1.00%

Function 1C129090 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 180b181ba8c505531ce4cbbbab7b0cb7c466bb2d92ca7293db7edb77eacadc50
Instruction ID: 107a8bc8b8d2a35f2277d70c874df096c0d12523861c1d6ab7edb44d86b79a3f
Opcode Fuzzy Hash: 180b181ba8c505531ce4cbbbab7b0cb7c466bb2d92ca7293db7edb77eacadc50
Instruction Fuzzy Hash: 0931F1796002009FE310CF2AD984AA6B3E6FF80365F6445B9E8468F262D722FC55DF60

Uniqueness

Uniqueness Score: -1.00%

Function 1C0FE200 Relevance: 9.1, APIs: 6, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93353339deea2156400a465300338e2e597302004bb82f7ee168c12edd58e4e3
Instruction ID: 710de0600fa2203232e72c127a5f7a88ea1ad82ddc25f71423c462d9da34b377
Opcode Fuzzy Hash: 93353339deea2156400a465300338e2e597302004bb82f7ee168c12edd58e4e3
Instruction Fuzzy Hash: 0B110AB62053056BD3049BA5EC41FEBF3DCEF48321F100529F70991140EB76B959A7B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0E06E0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

VUUU, xrefs: 1C0E083A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: VUUU
API String ID: 0-2040033107
Opcode ID: d17082e42fb0252415c9655b9a857b3dd628af575b26a6e4e6b51f551e3d595e
Instruction ID: b8c62e61ffff333ddf397d2458983b419deef663bd11e5b69415d9be470b4aff
Opcode Fuzzy Hash: d17082e42fb0252415c9655b9a857b3dd628af575b26a6e4e6b51f551e3d595e
Instruction Fuzzy Hash: 5981F6B1A043458FD714DF29C890A6BFBE4FF88204F154A6DE889C7241E771E948DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C111FE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 1C112001

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
API String ID: 0-914542581
Opcode ID: 42f205ea9f9b7032a1d5e4446be111459ac1829d9a8807524abdf1b7f3eed3ea
Instruction ID: 33ac7f10c389c282af775ef58a5986d7401e094c65e10be6fb80fdcb8b49a324
Opcode Fuzzy Hash: 42f205ea9f9b7032a1d5e4446be111459ac1829d9a8807524abdf1b7f3eed3ea
Instruction Fuzzy Hash: 5B21EEB5540205AFEB10AB79DD80F9677E9EF04354F004228F8489B111D776F864CBB9

Uniqueness

Uniqueness Score: -1.00%

Function 1C283300 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,1C283688,?,00000000), ref: 1C283399
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,1C283688,?,00000000), ref: 1C2833C2
GetACP.KERNEL32(?,?,1C283688,?,00000000), ref: 1C2833D7

Strings

OCP, xrefs: 1C283354
ACP, xrefs: 1C28331E

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ababfc0f707d8b43dc6bebfe4a02643cdc7bb1b50d94c5e36282e73365e7dad5
Instruction ID: b27df21c1bb3622b41d158b708530c72679a2ca688757b333e749c7b0c632d91
Opcode Fuzzy Hash: ababfc0f707d8b43dc6bebfe4a02643cdc7bb1b50d94c5e36282e73365e7dad5
Instruction Fuzzy Hash: FA218332B01147E7E7159F55C905A8B72E6AF50E60B668564FB09DB2A4EF32ED40C3F0

Uniqueness

Uniqueness Score: -1.00%

Function 1C093AA3 Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32 ref: 1C28365A
IsValidCodePage.KERNEL32(00000000), ref: 1C283698
IsValidLocale.KERNEL32(?,00000001), ref: 1C2836AB
GetLocaleInfoW.KERNEL32(?,00001001,?,00000040), ref: 1C2836F3
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 1C28370E

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: Locale$InfoValid$CodeDefaultPageUser
String ID:
API String ID: 3475089800-0
Opcode ID: 2fb7cfc7d10840d3a5d5751d921be32b7ae0d15947b3256f151851d07677954c
Instruction ID: 92cc529981ea3e546a4abbed5d035c6535535517c19ec6464a8c71474f45974d
Opcode Fuzzy Hash: 2fb7cfc7d10840d3a5d5751d921be32b7ae0d15947b3256f151851d07677954c
Instruction Fuzzy Hash: 4E516FB5A012169BDF00DBA9CC84ABE77F8BF08B00F254569F915E71D0E770E9048B74

Uniqueness

Uniqueness Score: -1.00%

Function 1C10A6F0 Relevance: 7.6, APIs: 5, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48cbbbbbd8810e7383f7707b6f3b2cf8864da932491d60c4096080bdcf29e316
Instruction ID: 2cb4a185cfa3ccec73504038b41c9f32f25929865bffd1dc926505e1913bf94d
Opcode Fuzzy Hash: 48cbbbbbd8810e7383f7707b6f3b2cf8864da932491d60c4096080bdcf29e316
Instruction Fuzzy Hash: 6F6139B51087819FD720CF95C481B8BBBF1BF85380FA14A1CE59B6B260D732A415CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0E8550 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3966a2d936edd45f59b6e0deb058351046a11c26772725d757917f5ea545eae4
Instruction ID: 695e1f57001609daa4c36f6364bed84d68ebc552fac9083e88049bcb65a724b2
Opcode Fuzzy Hash: 3966a2d936edd45f59b6e0deb058351046a11c26772725d757917f5ea545eae4
Instruction Fuzzy Hash: 6601ADB9600201ABDA11AF18ED00BDB77E5AFC5715F15046CF80466250D732F82CE7BA

Uniqueness

Uniqueness Score: -1.00%

Function 1C0FE090 Relevance: 6.1, APIs: 4, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 715e3690ee6d8a91bd4ea496fa460fc4a539b732774efcd0d23f68330eff5ff7
Instruction ID: d8c3836d018bc9ab74289f93d8c112439d42b9ba0e6c3f73bcb4f7c4976d9c38
Opcode Fuzzy Hash: 715e3690ee6d8a91bd4ea496fa460fc4a539b732774efcd0d23f68330eff5ff7
Instruction Fuzzy Hash: 82310E715112009FE714CF0AD840BB7BBE4BB85B10F01859AF8658F252E336ECDACBA5

Uniqueness

Uniqueness Score: -1.00%

Function 1C092C8E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 1C2348A7
IsDebuggerPresent.KERNEL32 ref: 1C234973
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1C234993
UnhandledExceptionFilter.KERNEL32(?), ref: 1C23499D

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: ed45275474e17c31b72b11ecfd7d36c2fb0c05ae436cec407d606c8c17ba4e24
Instruction ID: 76c4c71f83735080362ab3369a004f86365bc90b107fe4d45ea4c33f2318ae04
Opcode Fuzzy Hash: ed45275474e17c31b72b11ecfd7d36c2fb0c05ae436cec407d606c8c17ba4e24
Instruction Fuzzy Hash: 08311AB5D01219DBDB10DF64C989BCCBBF8AF08300F1051EAE40CA7290EB719A859F15

Uniqueness

Uniqueness Score: -1.00%

Function 1C0EEF30 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
Instruction ID: 36ea8ef90e9bde3732738ac15158f52918af945969c75c59d51ace3dcdec521a
Opcode Fuzzy Hash: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
Instruction Fuzzy Hash: A511E131944966AFE712CB65D840B86F7E0BF44320F054778E86D9BA60D321FC64CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 1C153770 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
Instruction ID: b5097175e6930ffe155eb1be27ea3769f3e9365ffdf9e4be9405ec57ac022c10
Opcode Fuzzy Hash: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
Instruction Fuzzy Hash: C4E0927A104700ABCA22AB90DE46E8BBBE6BF48710F040C1CF5D921670C662B868BB55

Uniqueness

Uniqueness Score: -1.00%

Function 1C1737E0 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
Instruction ID: 2ac07d7ddf8416cb57d1898d2cd54b06495a95c5714b947c97558b61082a4cd8
Opcode Fuzzy Hash: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
Instruction Fuzzy Hash: FAE0927A104780ABCB22AB91DC45E8BBBE6AF48314F040C1CF59961470C6A2B8A9BB55

Uniqueness

Uniqueness Score: -1.00%

Function 1C135910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?), xrefs: 1C13597E

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?)
API String ID: 0-143322027
Opcode ID: 7cc957920542a0402b656f38d4fc4606660902fb92fa63d3f37e22fddebac267
Instruction ID: 42517166533ae2f7026de3d14762fcbe994446192b9f5eb408beff96e6d50371
Opcode Fuzzy Hash: 7cc957920542a0402b656f38d4fc4606660902fb92fa63d3f37e22fddebac267
Instruction Fuzzy Hash: AC1147B6540206AFE7109F55CC84FC6BBADFF45328F008154F9089B252C3B2B5A8CBB4

Uniqueness

Uniqueness Score: -1.00%

Function 1C14D3B0 Relevance: 4.6, APIs: 3, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef683ebc2081ef62faabd25e0f25598eaedc6d3ef3dae81455a59c7f81f061e6
Instruction ID: e89b596aa892febfa9dd53a9a86e2352eee17d47008b49fe674a0d113f88064a
Opcode Fuzzy Hash: ef683ebc2081ef62faabd25e0f25598eaedc6d3ef3dae81455a59c7f81f061e6
Instruction Fuzzy Hash: 2C315EB4740201ABEB00EF69DD84B66B3E9FF48224F548528F949C7641E775F910CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1355B0 Relevance: 4.6, APIs: 3, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc7781d3ac5c447f81695cb7e44f6f5b9035f0a74e1f1d61e5c201c0f87af7e
Instruction ID: 74fd400560db816c60cdac4730dffaa286588a824c9e09634a8c6ff445fedf5f
Opcode Fuzzy Hash: 5bc7781d3ac5c447f81695cb7e44f6f5b9035f0a74e1f1d61e5c201c0f87af7e
Instruction Fuzzy Hash: F031ADB5600301AFEB00DF25DC84B5677F9EF44729F105828F8458B251E771E845CB75

Uniqueness

Uniqueness Score: -1.00%

Function 1C10E170 Relevance: 4.6, APIs: 3, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d729fa68c68ca05ecd542481068172ee6388f51af1756ecf408458860ba001ed
Instruction ID: ae51f700b934c8ad1ec994481e58dd5438d30e3cf7d5d64fa8d32fb958251486
Opcode Fuzzy Hash: d729fa68c68ca05ecd542481068172ee6388f51af1756ecf408458860ba001ed
Instruction Fuzzy Hash: 4E110AB96402007BE6009B368D05FAB76EEDF84754F14081CF984D7242EA32F925C7B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C175660 Relevance: 53.0, APIs: 26, Strings: 4, Instructions: 452COMMON

Download Yara Rule

Strings

,%.*s, xrefs: 1C175804, 1C175835
Auxiliary rtree columns must be last, xrefs: 1C1756B3, 1C1758B3
CREATE TABLE x(%.*s INT, xrefs: 1C1757CA
_node, xrefs: 1C17579E

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: ,%.*s$Auxiliary rtree columns must be last$CREATE TABLE x(%.*s INT$_node
API String ID: 0-209218429
Opcode ID: ab4614005cd4d73305d87729883e93566cd6c1144e6577f324639e1e72076ac1
Instruction ID: cf8719a51facbe24e94d6d5ec436ccdf270814250262daac7fa0bd0273b05e83
Opcode Fuzzy Hash: ab4614005cd4d73305d87729883e93566cd6c1144e6577f324639e1e72076ac1
Instruction Fuzzy Hash: E6F1DCB4A00381DFD700CF25C984BAAB7F5AF54314F400929ED8A97281DB76F959CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BCC80 Relevance: 47.7, APIs: 15, Strings: 12, Instructions: 470COMMON

Download Yara Rule

Strings

%02d, xrefs: 1C0BCE2C, 1C0BCE34, 1C0BCF27, 1C0BCF6F, 1C0BCFCE, 1C0BCFE9, 1C0BD10A
%02d:%02d, xrefs: 1C0BD080
%lld, xrefs: 1C0BD0EE
%06.3f, xrefs: 1C0BCE5F
%02d:%02d:%02d, xrefs: 1C0BD12E
%04d-%02d-%02d, xrefs: 1C0BCE82
%.3f, xrefs: 1C0BD0BF
%2d, xrefs: 1C0BCE27
%04d, xrefs: 1C0BD1CE
%.16g, xrefs: 1C0BCFB3
%03d, xrefs: 1C0BCF81, 1C0BCF8B
u, xrefs: 1C0BD16D

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %.16g$%.3f$%02d$%02d:%02d$%02d:%02d:%02d$%03d$%04d$%04d-%02d-%02d$%06.3f$%2d$%lld$u
API String ID: 0-1613945299
Opcode ID: f4a6fd617b83cb69d1758636c88983090e2b74969e9d47cd94f8416f31f4c9b3
Instruction ID: 43598d68c1fbeb99649ba6bec63bb51d5035c09640afccb259f6c36e1e80d53b
Opcode Fuzzy Hash: f4a6fd617b83cb69d1758636c88983090e2b74969e9d47cd94f8416f31f4c9b3
Instruction Fuzzy Hash: 65F1F4B9A08744ABD304CB64CC41FAFB7EAFF95300F444A1DF989A6141E635E9498773

Uniqueness

Uniqueness Score: -1.00%

Function 1C139120 Relevance: 45.9, APIs: 23, Strings: 3, Instructions: 355COMMON

Download Yara Rule

Strings

CREATE TABLE x(_shape, xrefs: 1C139268
,%s, xrefs: 1C139297
_node, xrefs: 1C139202

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: ,%s$CREATE TABLE x(_shape$_node
API String ID: 0-1242591684
Opcode ID: 7c101d8f4cae2dd61dc37b36b455a4559a821746f60cebb05fb79b1c4b7d720f
Instruction ID: 9321ddfe256360ce68bd6d2971373df911e6278cd5a499104a2b4be213c946b3
Opcode Fuzzy Hash: 7c101d8f4cae2dd61dc37b36b455a4559a821746f60cebb05fb79b1c4b7d720f
Instruction Fuzzy Hash: 43C123B5A00341DBD7008F64CD88B6777F5BF5032AF056128ED4A86281DB75F819CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C1EB050 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 251COMMON

Download Yara Rule

Strings

BINARY, xrefs: 1C1EB0D3
NULL, xrefs: 1C1EB267, 1C1EB324, 1C1EB325
%lld, xrefs: 1C1EB1DA, 1C1EB24C
,%s%s%s, xrefs: 1C1EB137
%.18s-%s, xrefs: 1C1EB192
(blob), xrefs: 1C1EB26C
%c%u, xrefs: 1C1EB2C3
%s(%d), xrefs: 1C1EB1B3
%.16g, xrefs: 1C1EB217
vtab:%p, xrefs: 1C1EB283
program, xrefs: 1C1EB2FB
k(%d, xrefs: 1C1EB0A5

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %.16g$%.18s-%s$%c%u$%lld$%s(%d)$(blob)$,%s%s%s$BINARY$NULL$k(%d$program$vtab:%p
API String ID: 0-900822179
Opcode ID: bd18086df8c85c251a9665806311c78803b947da63052278cf489a02dbba3785
Instruction ID: e0e41d5c9e6d5853265d855e2d42346b576fcdf0bda7dde286ad0e93fbb2366c
Opcode Fuzzy Hash: bd18086df8c85c251a9665806311c78803b947da63052278cf489a02dbba3785
Instruction Fuzzy Hash: F891D270A087069FD706CF54C891BAB77E5BF41304F55884DF8958BA52D336E80ACBB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AD820 Relevance: 35.2, APIs: 8, Strings: 12, Instructions: 223COMMON

Download Yara Rule

Strings

optimize, xrefs: 1C0AD9A4
fts4, xrefs: 1C0AD9F0
fts3, xrefs: 1C0AD9CA
fts3tokenize, xrefs: 1C0ADA27
fts3_tokenizer, xrefs: 1C0AD921
unicode61, xrefs: 1C0AD90B
simple, xrefs: 1C0AD8A9
matchinfo, xrefs: 1C0AD970, 1C0AD98A
snippet, xrefs: 1C0AD93C
offsets, xrefs: 1C0AD956
porter, xrefs: 1C0AD8EE
fts4aux, xrefs: 1C0AD840

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 0-449611708
Opcode ID: fd5b2295deef92434be1736fd54066c0a16883b924445e59fd68cc5b0657d816
Instruction ID: 78164ad779f28a42afaa1f6ae7354690e55564901bf463574d7d3452780abc49
Opcode Fuzzy Hash: fd5b2295deef92434be1736fd54066c0a16883b924445e59fd68cc5b0657d816
Instruction Fuzzy Hash: C2514BF4B44311A7E710EBA55C84FAB36E4AF21B59F040134FD19A6242E7A8F50BC2B7

Uniqueness

Uniqueness Score: -1.00%

Function 1C227FB0 Relevance: 33.6, APIs: 14, Strings: 5, Instructions: 342COMMON

Download Yara Rule

Strings

etilqs_, xrefs: 1C22824C
winGetTempname4, xrefs: 1C228355
winGetTempname2, xrefs: 1C228094
winGetTempname5, xrefs: 1C228233
winGetTempname1, xrefs: 1C22817B

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 0-2933911573
Opcode ID: dcc4456b1280645e81e9b8eac11915415e75902cc3c3fc4543b2edf789c8866b
Instruction ID: a0a7a4cecb1ccc91536eed67a587d3fafee85e51b70a49d1d9697b89fd3df73e
Opcode Fuzzy Hash: dcc4456b1280645e81e9b8eac11915415e75902cc3c3fc4543b2edf789c8866b
Instruction Fuzzy Hash: 24A19E76A403525BE3008B286C41BFA7799DF52221F940175FC89971C3E5ABE50FD7B2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B2BE0 Relevance: 31.8, APIs: 8, Strings: 10, Instructions: 346COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0B2E69
NULL, xrefs: 1C0B2E38
invalid, xrefs: 1C0B2E4E
WHERE name=%Q, xrefs: 1C0B2DB7
ORDER BY name, xrefs: 1C0B2DCC
%s at line %d of [%.10s], xrefs: 1C0B2E78
unopened, xrefs: 1C0B2E55
misuse, xrefs: 1C0B2E73
API call with %s database connection pointer, xrefs: 1C0B2E5A
SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0), xrefs: 1C0B2DA4

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: ORDER BY name$%s at line %d of [%.10s]$API call with %s database connection pointer$NULL$SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0)$WHERE name=%Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-1179878930
Opcode ID: 7ec541495a7bb82f1b2f4f1a87de12fda9f88fc31f849c6e89faefa4fded6697
Instruction ID: d3e618bcfefd37041567c14b75c084f245131a475ab8771f257fb0ab39b15397
Opcode Fuzzy Hash: 7ec541495a7bb82f1b2f4f1a87de12fda9f88fc31f849c6e89faefa4fded6697
Instruction Fuzzy Hash: B1C14178A043519BE700CF15C884B9B37E0AF50355F144928FC9ABB282E735F94AC7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1B5D70 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 266COMMON

Download Yara Rule

Strings

rank, xrefs: 1C1B5FBB
crisismerge, xrefs: 1C1B5EF7
pgsz, xrefs: 1C1B5D81
usermerge, xrefs: 1C1B5EAD
hashsize, xrefs: 1C1B5DF0
secure-delete, xrefs: 1C1B6031
automerge, xrefs: 1C1B5E59
deletemerge, xrefs: 1C1B5F64

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: automerge$crisismerge$deletemerge$hashsize$pgsz$rank$secure-delete$usermerge
API String ID: 0-3330941169
Opcode ID: 0e64dfa77b4530f89c20a15eee7924b3b4d641d8fa0f5a023f47a68f02e28168
Instruction ID: 833126bfc49443ffafeddba52ce4d491d165e5acc4a415aa4bd3cd54c834ecee
Opcode Fuzzy Hash: 0e64dfa77b4530f89c20a15eee7924b3b4d641d8fa0f5a023f47a68f02e28168
Instruction Fuzzy Hash: 6F7149BAB003115BD605DB1AAD4079F7BE0AF81212F0408BDF946E3201F721F94E8BB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A5E20 Relevance: 26.7, APIs: 8, Strings: 7, Instructions: 496COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0A5F2B, 1C0A6253, 1C0A6385
recursive definition for %s.%s, xrefs: 1C0A5E4C
SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id', xrefs: 1C0A5E6F
API called with finalized prepared statement, xrefs: 1C0A5F1F, 1C0A6247, 1C0A6379
%s at line %d of [%.10s], xrefs: 1C0A5F3A, 1C0A6262, 1C0A6394
no such fts5 table: %s.%s, xrefs: 1C0A62EA
misuse, xrefs: 1C0A5F35, 1C0A625D, 1C0A638F

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id'$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such fts5 table: %s.%s$recursive definition for %s.%s
API String ID: 0-1070437968
Opcode ID: 4a3c49fc6a85fb87d9f90497951d641b85869df11d03515f67dc1cb12c3b551c
Instruction ID: 33fc012c2347d1c686e75686b3fac2a2c203a1a207096bb15f20260db0a3d3e5
Opcode Fuzzy Hash: 4a3c49fc6a85fb87d9f90497951d641b85869df11d03515f67dc1cb12c3b551c
Instruction Fuzzy Hash: 2A0222B5A04B419FE700CFA5CC84B9B77F4BF94718F044528E94997242E776E84ACBB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C119980 Relevance: 24.9, APIs: 7, Strings: 7, Instructions: 429COMMON

Download Yara Rule

Strings

API called with NULL prepared statement, xrefs: 1C119A04
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C119A35, 1C119D90
SELECT %s, xrefs: 1C1199B1
no such function: %s, xrefs: 1C119E8C
API called with finalized prepared statement, xrefs: 1C119A19, 1C119D84
%s at line %d of [%.10s], xrefs: 1C119A44, 1C119D9F
misuse, xrefs: 1C119A3F, 1C119D9A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such function: %s
API String ID: 0-3900766660
Opcode ID: 2b2da186d0ae49eff73191e53bd069b253a618c142ee443dbe661935036b8670
Instruction ID: cf5e102f3c946685908ce117fcff1e1275ac6c55970fed44ca709a7ee410fa33
Opcode Fuzzy Hash: 2b2da186d0ae49eff73191e53bd069b253a618c142ee443dbe661935036b8670
Instruction Fuzzy Hash: 86E103B0A857819BE710CF35C940B9B77E6AF84615F01053CE8AA9F341E739E909C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0D3800 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 184COMMON

Download Yara Rule

Strings

cannot open value of type %s, xrefs: 1C0D38ED
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0D3930
API called with finalized prepared statement, xrefs: 1C0D3924
%s at line %d of [%.10s], xrefs: 1C0D393F
misuse, xrefs: 1C0D393A
integer, xrefs: 1C0D389A
real, xrefs: 1C0D3895, 1C0D38EC
null, xrefs: 1C0D38E7
no such rowid: %lld, xrefs: 1C0D39F8

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$cannot open value of type %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$integer$misuse$no such rowid: %lld$null$real
API String ID: 0-1477268580
Opcode ID: 9e4df41b25a3a259a130f9fa26ed5f6a70eae304df4ce2cf34211fed62107f5e
Instruction ID: 3ec61b1b22290e5d5ca6cd28a5d8756ae5847e63033f0921205086e9994bf6af
Opcode Fuzzy Hash: 9e4df41b25a3a259a130f9fa26ed5f6a70eae304df4ce2cf34211fed62107f5e
Instruction Fuzzy Hash: 8351CAB56003019BD700DF28DC80B6AB3F4FF84715F06496DE9569BA41EB72E848CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C1BA150 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 226COMMON

Download Yara Rule

Strings

data, xrefs: 1C1BA1E4
id INTEGER PRIMARY KEY, block BLOB, xrefs: 1C1BA1DF
idx, xrefs: 1C1BA200
%s_data, xrefs: 1C1BA1BC
segid, term, pgno, PRIMARY KEY(segid, term), xrefs: 1C1BA1FB

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s_data$data$id INTEGER PRIMARY KEY, block BLOB$idx$segid, term, pgno, PRIMARY KEY(segid, term)
API String ID: 0-1009905541
Opcode ID: ce715d653a1619b14d966642904303b7c4d16c7530704d1deb35bfa7a401a475
Instruction ID: 9afe1a5c858f4e3c624487506d907364de3122f4396d0df5ee843127cf655635
Opcode Fuzzy Hash: ce715d653a1619b14d966642904303b7c4d16c7530704d1deb35bfa7a401a475
Instruction Fuzzy Hash: 9971DFB2E40320DBD7009F65CE8DB6637B8EF20257F014424ED4AA6291DB75E908CFB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C1BF370 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 196COMMON

Download Yara Rule

Strings

content, xrefs: 1C1BF49D
version, xrefs: 1C1BF560
id INTEGER PRIMARY KEY, sz BLOB, xrefs: 1C1BF524, 1C1BF52C
config, xrefs: 1C1BF549
docsize, xrefs: 1C1BF52D
id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER, xrefs: 1C1BF51C
, c%d, xrefs: 1C1BF469
k PRIMARY KEY, v, xrefs: 1C1BF544
id INTEGER PRIMARY KEY, xrefs: 1C1BF43E

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: , c%d$config$content$docsize$id INTEGER PRIMARY KEY$id INTEGER PRIMARY KEY, sz BLOB$id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER$k PRIMARY KEY, v$version
API String ID: 0-3918257174
Opcode ID: 61f0f24af260abd5bb10e54141d6ef0556ace3c5dde30942a13ff19f0890d874
Instruction ID: c5787c7c9a5d2e974575460961ed390f328816a64a85eee514788de49c2a9a68
Opcode Fuzzy Hash: 61f0f24af260abd5bb10e54141d6ef0556ace3c5dde30942a13ff19f0890d874
Instruction Fuzzy Hash: 6251EF79A40211DBC300DF25DE44BABB7B8EB85661F054628EC49AB241D736FA09CFB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C09A6C0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 195COMMON

Download Yara Rule

Strings

%s, xrefs: 1C09A82E
<polyline points=, xrefs: 1C09A74B
%g,%g', xrefs: 1C09A7D1
%c%g,%g, xrefs: 1C09A78E
></polyline>, xrefs: 1C09A845

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %g,%g'$ %s$%c%g,%g$<polyline points=$></polyline>
API String ID: 0-3443809342
Opcode ID: 8cc92baec2ae7c924e4947287f69c98f85c9cb0fa26c21532f4b4fc26dd5a9a8
Instruction ID: 8efa6579b9d70a5392dd31f98b993205877b47f0134af55e404e045cf8328a44
Opcode Fuzzy Hash: 8cc92baec2ae7c924e4947287f69c98f85c9cb0fa26c21532f4b4fc26dd5a9a8
Instruction Fuzzy Hash: 2961F370A007119BDB00CF25CC46BA773E5AF52311F154628EC5E5A281E735E98AD7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1D8F40 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 177COMMON

Download Yara Rule

Strings

NULL, xrefs: 1C1D912E
%lld, xrefs: 1C1D900C
%!.15g, xrefs: 1C1D8F83
%!.20e, xrefs: 1C1D8FF1
NULL, xrefs: 1C1D9148

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %!.15g$%!.20e$%lld$NULL$NULL
API String ID: 0-2115304644
Opcode ID: 93a9228fd7e55ea072fd96ca76c3c659f682ce8f3ff7b6e97685649b741aa6e2
Instruction ID: 18b9018006a7964fee523fbd75a966348a918db786971e70c20d2cded5d5de33
Opcode Fuzzy Hash: 93a9228fd7e55ea072fd96ca76c3c659f682ce8f3ff7b6e97685649b741aa6e2
Instruction Fuzzy Hash: 645158759057A05BD700DF18CC41AEBB7EAEF81304F06495CF89967602E736E50AC7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A3420 Relevance: 21.4, APIs: 6, Strings: 6, Instructions: 392COMMON

Download Yara Rule

Strings

API called with NULL prepared statement, xrefs: 1C0A3517
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0A3548, 1C0A3594
ATTACH x AS %Q, xrefs: 1C0A346F
API called with finalized prepared statement, xrefs: 1C0A352C, 1C0A3588
%s at line %d of [%.10s], xrefs: 1C0A3557, 1C0A35A3
misuse, xrefs: 1C0A3552, 1C0A359E

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-2988319395
Opcode ID: 3f3e42567fde0978eb4adbbd14eee8bbce4f9476a25f8f09e9609f01569c014b
Instruction ID: f5fe2364036d64d44c1e2b729d228770385094e60dc3e8406dee641037984326
Opcode Fuzzy Hash: 3f3e42567fde0978eb4adbbd14eee8bbce4f9476a25f8f09e9609f01569c014b
Instruction Fuzzy Hash: 32D1D2B0A003419BE710CF65CC89B6B77E4BF50B15F044528FC5A9B281E7B5E94ACBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C12EF60 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,origin, xrefs: 1C12F0D6, 1C12F0DE

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: ,origin
API String ID: 0-4198660907
Opcode ID: d94f4d00279d453c4ca6e0d9c6fc646d6ce7d6bce625a4c609931fcedef08c85
Instruction ID: 8931db5280db6d0f2c96b816605fa56457e63b75de8f92fc3184a4320d71e721
Opcode Fuzzy Hash: d94f4d00279d453c4ca6e0d9c6fc646d6ce7d6bce625a4c609931fcedef08c85
Instruction Fuzzy Hash: C471BEB5A04311DFC711DF58C884A6AB7F5FF89301FA0492CF98A87260DB32E854DB66

Uniqueness

Uniqueness Score: -1.00%

Function 1C174B10 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 156COMMON

Download Yara Rule

Strings

SELECT * FROM %Q.%Q, xrefs: 1C174B25
UNIQUE constraint failed: %s.%s, xrefs: 1C174BC9
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C174C2A
API called with finalized prepared statement, xrefs: 1C174C1E
%s at line %d of [%.10s], xrefs: 1C174C39
misuse, xrefs: 1C174C34
rtree constraint failed: %s.(%s<=%s), xrefs: 1C174BF9

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT * FROM %Q.%Q$UNIQUE constraint failed: %s.%s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$rtree constraint failed: %s.(%s<=%s)
API String ID: 0-2013246442
Opcode ID: 7b4d33661035573f5329e2c48ac0ae216ff19f6779f6b971394a09ae14b61605
Instruction ID: 8677e564737a21fca44369481b675a7518b64e687b43d23e3dc49aac9af8ce49
Opcode Fuzzy Hash: 7b4d33661035573f5329e2c48ac0ae216ff19f6779f6b971394a09ae14b61605
Instruction Fuzzy Hash: 37416EB2A80315BFF7019F659D84FEB33ACEF51755F000528FC0996241EB21B908DABA

Uniqueness

Uniqueness Score: -1.00%

Function 1C227C10 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 150COMMON

Download Yara Rule

Strings

winFullPathname2, xrefs: 1C227D35
winFullPathname1, xrefs: 1C227CC9
%s%c%s, xrefs: 1C227C7A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s%c%s$winFullPathname1$winFullPathname2
API String ID: 0-2846052723
Opcode ID: e643c599ce7cc257687f901d1396c56ff572c8176a9f275272b1d92f0cea3ad4
Instruction ID: 2e52bb96e2804098c7b81a744afe298f8e9566bca6f99ab0dbe0849c769258e2
Opcode Fuzzy Hash: e643c599ce7cc257687f901d1396c56ff572c8176a9f275272b1d92f0cea3ad4
Instruction Fuzzy Hash: E641CEA5A093A26BF3109630FC45FB73BE99F45A20F66017DF88F55081D762F44AC272

Uniqueness

Uniqueness Score: -1.00%

Function 1C21AAD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 130COMMON

Download Yara Rule

Strings

API called with NULL prepared statement, xrefs: 1C21AAD9
bind on a busy prepared statement: [%s], xrefs: 1C21AB94
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C21AB0B, 1C21AB4C, 1C21ABA0
API called with finalized prepared statement, xrefs: 1C21AAEF
%s at line %d of [%.10s], xrefs: 1C21AB1A, 1C21AB5B, 1C21ABAF
misuse, xrefs: 1C21AB15, 1C21AB56, 1C21ABAA

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3679126755
Opcode ID: e1ddea0768de7644414df2e9252c75d26d7de4a768bf50774b9349515d18162a
Instruction ID: 2d84fc9b86f462f10e753b47a7bdaf3e9cdc0ffb8abd9fabb3577836644980dc
Opcode Fuzzy Hash: e1ddea0768de7644414df2e9252c75d26d7de4a768bf50774b9349515d18162a
Instruction Fuzzy Hash: 3C41FFB0600745EBE7108B68DC82FC772E5AFA0715F150429F959AF381E774EA84D7B1

Uniqueness

Uniqueness Score: -1.00%

Function 1C1BECF0 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 335COMMON

Download Yara Rule

Strings

content, xrefs: 1C1BEFDF
docsize, xrefs: 1C1BF020

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: content$docsize
API String ID: 0-1024698521
Opcode ID: 2cdf5c5261830e34ea4df5e909b3626686378245caa303e20f33af3765230ea1
Instruction ID: bd75ced8f9a8776244bd36bd0dd6c07774714f1fc9293aea55fde73d99947468
Opcode Fuzzy Hash: 2cdf5c5261830e34ea4df5e909b3626686378245caa303e20f33af3765230ea1
Instruction Fuzzy Hash: 21C1CC75A84312ABD710CF25C980BAFB3F5AF84314F510628FD44A7260D776E849CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C145470 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 225COMMON

Download Yara Rule

Strings

%lld, xrefs: 1C14550D
%!0.15g, xrefs: 1C1454D2
JSON cannot hold BLOB values, xrefs: 1C145697

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %!0.15g$%lld$JSON cannot hold BLOB values
API String ID: 0-1047910854
Opcode ID: b2ecf95a801808d0719b317aa5a852fb4e74b66a2ebc8669e4bbe49cb4133647
Instruction ID: 721cd97513298ab0860d244b47d29c08961e7b8cacf404fe89291d6e5531a0ac
Opcode Fuzzy Hash: b2ecf95a801808d0719b317aa5a852fb4e74b66a2ebc8669e4bbe49cb4133647
Instruction Fuzzy Hash: 5C51E17A540200BBE3109A58EC01FFB37A6DF82334F34025DF94A5B6C2EB67B15A52B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C2B70 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 183COMMON

Download Yara Rule

Strings

%c"%s", xrefs: 1C0C2C1B
,arg HIDDEN, xrefs: 1C0C2C7A
ABLE x, xrefs: 1C0C2BB6
,schema HIDDEN, xrefs: 1C0C2CD2
("%s", xrefs: 1C0C2C4A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %c"%s"$("%s"$,arg HIDDEN$,schema HIDDEN$ABLE x
API String ID: 0-1763475469
Opcode ID: 5c815e9afc89f820fadc01588f2f8ea24cb2dbf35b463db71ca75aa488d1d65c
Instruction ID: 8d58ece97e92b165be5cbaeee81710fe2344a27b1eb3d3b155d7e2d115b10dbd
Opcode Fuzzy Hash: 5c815e9afc89f820fadc01588f2f8ea24cb2dbf35b463db71ca75aa488d1d65c
Instruction Fuzzy Hash: 3E719F74A08382CBD700CF64D854B9EBBE0FF99304F008A5EF89997A41D775E549CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0040E050 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 0040E055
??_U@YAPAXI@Z.MSVCRT ref: 0040E06B
OpenProcess.KERNEL32(001FFFFF,00000000,?,00000000), ref: 0040E08D
memset.MSVCRT ref: 0040E0CF
??_V@YAXPAX@Z.MSVCRT ref: 0040E208

Part of subcall function 0040DF0D: strlen.MSVCRT ref: 0040DF24

Part of subcall function 0040DBBC: memcpy.MSVCRT ref: 0040DBDC

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040E0E7, 0040E1D0
N0ZWFt, xrefs: 0040E172, 0040E17F

Memory Dump Source

Source File: 00000002.00000002.2862223964.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2862223964.0000000000431000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000435000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000525000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000528000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000052E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000056C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.0000000000606000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2862223964.000000000063C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prologOpenProcessmemcpymemsetstrlen
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
API String ID: 3050127167-1622206642
Opcode ID: 1acd136d7ce8b80a46ba48a01424c741db229d0ee2024378821d15fe20b08a4a
Instruction ID: c7133534bbbd3e2470f914545098ef9dffeb47121235e0abce75ea37944e2468
Opcode Fuzzy Hash: 1acd136d7ce8b80a46ba48a01424c741db229d0ee2024378821d15fe20b08a4a
Instruction Fuzzy Hash: 9B51A071E04119AEDB10EB91DC82EEEBBB9EF44354F10047EF111B62C1DA795E88CB59

Uniqueness

Uniqueness Score: -1.00%

Function 1C13AA40 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 334COMMON

Download Yara Rule

Strings

API called with NULL prepared statement, xrefs: 1C13AA87
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C13AAB8, 1C13AD82
API called with finalized prepared statement, xrefs: 1C13AA9C, 1C13AD76
%s at line %d of [%.10s], xrefs: 1C13AAC7, 1C13AD91
misuse, xrefs: 1C13AAC2, 1C13AD8C

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 85bd25d47b269ccffaa242df63ca824777a8420be9ab08440462fa50e5f8096b
Instruction ID: f86bb8c2ae9ea374ba3745433a1cbcc8d56b6c1b32ef0b297f61c09c745bfa4b
Opcode Fuzzy Hash: 85bd25d47b269ccffaa242df63ca824777a8420be9ab08440462fa50e5f8096b
Instruction Fuzzy Hash: 3FB148B2E803419BE7118FA59D46B9B77E4AF5072FF00252CE88A87281E775F448C7B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BA170 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 286COMMON

Download Yara Rule

Strings

JSON path error near '%q', xrefs: 1C0BA3D7
malformed JSON, xrefs: 1C0BA283

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: JSON path error near '%q'$malformed JSON
API String ID: 0-560895927
Opcode ID: d60bd4e264bd6255b6bc960fb40709878a8c6086f2a86ad162ae9995ee73a65d
Instruction ID: ba8ec904e5c9addd8d6b00328cebf4ddd9867ef81602c24efc984caf06e884fe
Opcode Fuzzy Hash: d60bd4e264bd6255b6bc960fb40709878a8c6086f2a86ad162ae9995ee73a65d
Instruction Fuzzy Hash: ADA15CB9A003419FD710CF24D846BAAB7E5EFC0305F24452DE4899B242E736F98AC7B1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C3D20 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 223COMMON

Download Yara Rule

Strings

=%Q, xrefs: 1C0C3E7F
PRAGMA , xrefs: 1C0C3DC5
%Q., xrefs: 1C0C3E11

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %Q.$=%Q$PRAGMA
API String ID: 0-2099833060
Opcode ID: cac87a2a9b06f0817aa8c5728f0d325c57e3efcc7e44df580e901df94a4e5ac6
Instruction ID: 03019ae77f85dc1a57566fe5c39349f8ca27e1e3c42abc229b4c6f84e4440e0b
Opcode Fuzzy Hash: cac87a2a9b06f0817aa8c5728f0d325c57e3efcc7e44df580e901df94a4e5ac6
Instruction Fuzzy Hash: 7F71F275B142119BDB00DF28D884B9FB7F4AF44714F0406A9FD499B282D735EA09CBBA

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AB980 Relevance: 16.7, APIs: 11, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 024755e952700970e3eab781e71dc1a4d2f1c20b952b21027270ae272f5d0b35
Instruction ID: 8a844a63391a768dcf121050ae3cd08e3f032ce498accba92b1748299fc6bd9b
Opcode Fuzzy Hash: 024755e952700970e3eab781e71dc1a4d2f1c20b952b21027270ae272f5d0b35
Instruction Fuzzy Hash: D8815A75804B829BD700CFA08850B6ABFE0AF41200F540E6CE8D51BB56D7B5E95BCBF1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0EF600 Relevance: 16.7, APIs: 11, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
Instruction ID: 403519bcaed2771633c453b4357c0714cde1639d3e68308ce423d313575fd01b
Opcode Fuzzy Hash: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
Instruction Fuzzy Hash: A651DF76A443026FE700DE55DC80BAFB7E8EF84714F40062DF94896241E735BA5D8BB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C111940 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 345COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C111B17
%s at line %d of [%.10s], xrefs: 1C111B26
block, xrefs: 1C111A90
misuse, xrefs: 1C111B21

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$block$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-4016964285
Opcode ID: 7085c47f95bffb0add96a34a48a377994d6b28abaa49fb26b4ffc84f14d314f6
Instruction ID: beea8824142a7aee9b312ad5c758d7fa777ff7f3e4d8ec65b7a1a09b1a230551
Opcode Fuzzy Hash: 7085c47f95bffb0add96a34a48a377994d6b28abaa49fb26b4ffc84f14d314f6
Instruction Fuzzy Hash: 4AC1D0B1A40251DFDB10CFB4D984BAABBF4BF14215F254629EC499F241E739E904CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BFED0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 257COMMON

Download Yara Rule

Strings

unknown error, xrefs: 1C0C003E
%llu, xrefs: 1C0BFF3C
abort due to ROLLBACK, xrefs: 1C0C0068
no more rows available, xrefs: 1C0C006F
another row available, xrefs: 1C0C0076, 1C0C0081
%llu, xrefs: 1C0BFFF7

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %llu$%llu$abort due to ROLLBACK$another row available$no more rows available$unknown error
API String ID: 0-1539118790
Opcode ID: 9501f68a6ba01c18a87d68e2be4a252890c7f95150c69518d2dbb90259a0fda4
Instruction ID: dcca00e5f1a00219af40dd5e7b3a12e879ef148abf19c86e91fe9968326f36ff
Opcode Fuzzy Hash: 9501f68a6ba01c18a87d68e2be4a252890c7f95150c69518d2dbb90259a0fda4
Instruction Fuzzy Hash: 31912475B053119BC704CE18C884BAEB7E1EF86318F24456DFC8A97390D736E846CB66

Uniqueness

Uniqueness Score: -1.00%

Function 1C1C70B0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 227COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1C720D
API called with finalized prepared statement, xrefs: 1C1C7201
%s at line %d of [%.10s], xrefs: 1C1C721C
misuse, xrefs: 1C1C7217
invalid rootpage, xrefs: 1C1C715C, 1C1C730E
orphan index, xrefs: 1C1C72C2

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid rootpage$misuse$orphan index
API String ID: 0-165706444
Opcode ID: a4dcc8cfae2d740f585f5013c62d04b8cf989e09d1121c9a98cc23786bc84688
Instruction ID: 2025787a2245ae3378e9f0332a50f306726e9963a76397dc186c1e47b6882eba
Opcode Fuzzy Hash: a4dcc8cfae2d740f585f5013c62d04b8cf989e09d1121c9a98cc23786bc84688
Instruction Fuzzy Hash: AB61CDB5B813816BE7118E209D80FAB77E8DFA2215F244479FC5486242E7A1F558C3FE

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B3A50 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 172COMMON

Download Yara Rule

Strings

read-only, xrefs: 1C0B3A71
cannot insert, xrefs: 1C0B3BF1, 1C0B3C52
bad page number, xrefs: 1C0B3BE3
no such schema, xrefs: 1C0B3BEA
cannot delete, xrefs: 1C0B3A82
bad page value, xrefs: 1C0B3BDC

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: bad page number$bad page value$cannot delete$cannot insert$no such schema$read-only
API String ID: 0-1499782803
Opcode ID: ab7e2a45bc2636f20ecce586327c0d66d4c4f277bd5fb29fe6aad1f3888b0c35
Instruction ID: 6df5e04a1748b0e92d7c56ed486c0e7275fa01f9cd4bbd6e3663a3579103b66e
Opcode Fuzzy Hash: ab7e2a45bc2636f20ecce586327c0d66d4c4f277bd5fb29fe6aad1f3888b0c35
Instruction Fuzzy Hash: C0510679A04310DBD700CF18CC89F6A77E4AF50A55F354469ED4AAB241EF36E849CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 1C1CB0E0 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 117COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1CB108
NULL, xrefs: 1C1CB0F4
invalid, xrefs: 1C1CB13E
%s at line %d of [%.10s], xrefs: 1C1CB117
unopened, xrefs: 1C1CB145
misuse, xrefs: 1C1CB112
API call with %s database connection pointer, xrefs: 1C1CB0F9

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-538076154
Opcode ID: a8793f797bbe4ed1e9abae418422c21b4c0ec3123343f2801817e0a8f591e568
Instruction ID: 32cc441c9c50e99a85c5fd04de275e63ce83a0c74444a4205365cd72f63f769e
Opcode Fuzzy Hash: a8793f797bbe4ed1e9abae418422c21b4c0ec3123343f2801817e0a8f591e568
Instruction Fuzzy Hash: 6731CB75784384ABE3115E607C00B9B77A5BF62329F010628F8A1E2901E774F905A7BF

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C6F30 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 83COMMON

Download Yara Rule

Strings

out of memory, xrefs: 1C0C6F39, 1C0C6FA0
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0C6F60
invalid, xrefs: 1C0C6F4F
%s at line %d of [%.10s], xrefs: 1C0C6F6F
bad parameter or other API misuse, xrefs: 1C0C6F7E
misuse, xrefs: 1C0C6F6A
API call with %s database connection pointer, xrefs: 1C0C6F54

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$bad parameter or other API misuse$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$out of memory
API String ID: 0-2911740470
Opcode ID: 4a69c3a236b6e53c089b5edf69b7738a7da7d001b91deac498b3c54d40c254d5
Instruction ID: 81be3179c374b4a40c1853be9cea3ebe193e9d90bc87c0ca37de01707a6ed33e
Opcode Fuzzy Hash: 4a69c3a236b6e53c089b5edf69b7738a7da7d001b91deac498b3c54d40c254d5
Instruction Fuzzy Hash: 89219771B2437097E731CA58AC00BDF23E21BC0314F2985A8F4961B641D531F88793BA

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B06F0 Relevance: 15.2, APIs: 10, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d63e9f04a67eb21fecb9e546f46181525e784c9ce3c6da9f6955fd299e711f23
Instruction ID: 64f76cd49e5381280186aaf032cd900776e6e9852c199d0ed3767471b51ad880
Opcode Fuzzy Hash: d63e9f04a67eb21fecb9e546f46181525e784c9ce3c6da9f6955fd299e711f23
Instruction Fuzzy Hash: 6F71F5F9A003059BE714DF14C891B5A77E5EF84308F14066DEC89AB242E736EA59CBF1

Uniqueness

Uniqueness Score: -1.00%

Function 1C176380 Relevance: 15.1, APIs: 10, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3576f881236c143734d4e4bd72787883a7f1c6fce7dc7126c537bf1873127c1b
Instruction ID: cc671d4c111a6834f4c84b91266cd15997437ad709d22c1678e2397fb94eaf95
Opcode Fuzzy Hash: 3576f881236c143734d4e4bd72787883a7f1c6fce7dc7126c537bf1873127c1b
Instruction Fuzzy Hash: 5E4105B0A40720DFC7109F29DD8CB2677F4BF21226F114828ED4A82591DB71F868DBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0EF4B0 Relevance: 15.1, APIs: 10, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
Instruction ID: 746a88519a8ea7a9cac2119e6083c640005d9eaeec5ea3a146c451fcecf249d8
Opcode Fuzzy Hash: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
Instruction Fuzzy Hash: 7C21A0BB9802422AE302EE215C01FEF23EC5F51216F45491DFA29A2041F724B65D92BB

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AE170 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 445COMMON

Download Yara Rule

Strings

unicode61, xrefs: 1C121279, 1C12130F
snippet, xrefs: 1C121200
fts5, xrefs: 1C121053, 1C121395, 1C1213E7
unable to delete/modify user-function due to active statements, xrefs: 1C1213BF, 1C1214B8
fts5vocab, xrefs: 1C121340
fts5_source_id, xrefs: 1C12148D, 1C1214E0
porter, xrefs: 1C1212BF

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: fts5$fts5_source_id$fts5vocab$porter$snippet$unable to delete/modify user-function due to active statements$unicode61
API String ID: 0-2986783930
Opcode ID: ce8f461e61a77bd592c882af163e96f46b249a95a6229dba79168e54e51f67d8
Instruction ID: 8e1cd4e8ea8ae8d177b826f1f99749cd16021b367f80d632cc84331deb9cbf93
Opcode Fuzzy Hash: ce8f461e61a77bd592c882af163e96f46b249a95a6229dba79168e54e51f67d8
Instruction Fuzzy Hash: BEF113B8A80341EBE700CF65CD88B577BB4BF11355FB04528E80A97281E775E914CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1AFB30 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 324COMMON

Download Yara Rule

Strings

API called with NULL prepared statement, xrefs: 1C1AFB65
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1AFB96
API called with finalized prepared statement, xrefs: 1C1AFB7A
%s at line %d of [%.10s], xrefs: 1C1AFBA5
misuse, xrefs: 1C1AFBA0

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 5b2a6a8b39af69d8127cc6d5124468137283d93d62e7e8cbafafe8f61c2692a2
Instruction ID: fe927dda6aac628694bc04b4245665f2ef891a127968fda3456aeaa5b13e04d0
Opcode Fuzzy Hash: 5b2a6a8b39af69d8127cc6d5124468137283d93d62e7e8cbafafe8f61c2692a2
Instruction Fuzzy Hash: 71B116B8A407819FE7218F35DD44B5B77E4BF44359F01052CE88A87281E775E40AC7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C121710 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 235COMMON

Download Yara Rule

Strings

rank, xrefs: 1C121824
%z%s%Q, xrefs: 1C12180D
%z, %Q HIDDEN, %s HIDDEN), xrefs: 1C121831
CREATE TABLE x(, xrefs: 1C1217D9

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %z%s%Q$%z, %Q HIDDEN, %s HIDDEN)$CREATE TABLE x($rank
API String ID: 0-3324442540
Opcode ID: 56050a30af4a43e583a33da028d15dd31c55229aacffb8c7576348b58b7551a2
Instruction ID: a2ac3dd44c2c282d6f872a239338c16c4909c7955a487e50610025c6d604ee1a
Opcode Fuzzy Hash: 56050a30af4a43e583a33da028d15dd31c55229aacffb8c7576348b58b7551a2
Instruction Fuzzy Hash: 7B81F0BAE40211DBDB008F64DD84B9AB7F4FF55255F240629FC89A7250E731ED14CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0EE320 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 177COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0EE376
API called with finalized prepared statement, xrefs: 1C0EE36A
%s at line %d of [%.10s], xrefs: 1C0EE385
misuse, xrefs: 1C0EE380

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3620335220
Opcode ID: ece1781181f23d5881a4a74509a9779bcc81df98d3dce329e3d60a36789d13e3
Instruction ID: 2128b4506a79090786dd0fba90589447d6276f013d976b49bc94f979dc3589d3
Opcode Fuzzy Hash: ece1781181f23d5881a4a74509a9779bcc81df98d3dce329e3d60a36789d13e3
Instruction Fuzzy Hash: BB51C3B1E41269DFE701CB64C88CBAA37F4AF21216F144024ED5996281DB75ED48CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1974A0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 175COMMON

Download Yara Rule

Strings

unable to close due to unfinalized statements or unfinished backups, xrefs: 1C1975D1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1974CD
invalid, xrefs: 1C1974BC
%s at line %d of [%.10s], xrefs: 1C1974DC
misuse, xrefs: 1C1974D7
API call with %s database connection pointer, xrefs: 1C1974C1

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 0-3800776574
Opcode ID: d4b581cdc18842efcc8c434ceae88accdb105bc1913f2d2c48a37b37aa2b98b2
Instruction ID: 2cdec14d58e18cca629e55ddf35a8dab862ccf4c12519ea2967ca6948cf5f515
Opcode Fuzzy Hash: d4b581cdc18842efcc8c434ceae88accdb105bc1913f2d2c48a37b37aa2b98b2
Instruction Fuzzy Hash: A6516BB5A80B11EBF3119F38AD48BAB77B5AF41715F150018E89A93241EB30F54AC6F6

Uniqueness

Uniqueness Score: -1.00%

Function 1C13BCF0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 103COMMON

Download Yara Rule

Strings

SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1, xrefs: 1C13BD67
undersize RTree blobs in "%q_node", xrefs: 1C13BDA1
PRAGMA %Q.page_size, xrefs: 1C13BD03

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: PRAGMA %Q.page_size$SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1$undersize RTree blobs in "%q_node"
API String ID: 0-3485589083
Opcode ID: ae8487400137fcef0619f399f2bfab9c9514cf5b2e6c3bcfb2dfa6b5f6ca4a8f
Instruction ID: 685721d5303800e2002ca8537785bce5740c77ca12c994e642d08b96663d36a4
Opcode Fuzzy Hash: ae8487400137fcef0619f399f2bfab9c9514cf5b2e6c3bcfb2dfa6b5f6ca4a8f
Instruction Fuzzy Hash: BF31F2B1A00211EBD3018B65CD88BAAB3B8FF5426EF012265FC4992641E735E958DBF1

Uniqueness

Uniqueness Score: -1.00%

Function 1C1932F0 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 464COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1936B8, 1C1936FD, 1C19375D, 1C19380E
%s at line %d of [%.10s], xrefs: 1C1936C7, 1C19370C, 1C19376C, 1C19381D
database corruption, xrefs: 1C1936C2, 1C193707, 1C193767, 1C193818

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 0df282972b2f01ad2366d3299ac991caaab8821f69e8f863b8f981826a04d741
Instruction ID: 447712953135fb8d0eed393ea087612a7f00cc61b6f089ca4c44d661a3e48003
Opcode Fuzzy Hash: 0df282972b2f01ad2366d3299ac991caaab8821f69e8f863b8f981826a04d741
Instruction Fuzzy Hash: F9F16570A842519FD300DF29C984BA7BBF0FF45614F849299E8888B252E735F95AC7B1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BE420 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 380COMMON

Download Yara Rule

Strings

unknown error, xrefs: 1C0BE76B
d, xrefs: 1C0BE71D
abort due to ROLLBACK, xrefs: 1C0BE795
no more rows available, xrefs: 1C0BE79C
another row available, xrefs: 1C0BE7A3, 1C0BE7AE
%c%04d-%02d-%02d %02d:%02d:%06.3f, xrefs: 1C0BE717

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %c%04d-%02d-%02d %02d:%02d:%06.3f$abort due to ROLLBACK$another row available$d$no more rows available$unknown error
API String ID: 0-322231948
Opcode ID: 2da047d2f7946447c3652f4c004ddfbbec67de389b6919d796b8abcb7cd62254
Instruction ID: 66e7fb776ec4b768e9837245166a6f20149ae7eb3d2129713e6c7d1ab005f471
Opcode Fuzzy Hash: 2da047d2f7946447c3652f4c004ddfbbec67de389b6919d796b8abcb7cd62254
Instruction Fuzzy Hash: 14E1B0796093409FD700CF68C884B9FB7E5AF88344F50492DF999A7241E776ED09CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C28E5 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 346COMMON

Download Yara Rule

Strings

INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 1C0C29F1
unable to validate the inverted index for FTS5 table %s.%s: %s, xrefs: 1C0C2AA0
malformed inverted index for FTS5 table %s.%s, xrefs: 1C0C2A8A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS5 table %s.%s$unable to validate the inverted index for FTS5 table %s.%s: %s
API String ID: 0-3572959941
Opcode ID: c4cc93e41cb1a1743a288b5a3cb714bb6f71cb87e180a9ca81225bcc8f5799df
Instruction ID: 52da3befd88a966134e9a8556cb4a73e0e903bcc8475758e508fa39aa8f76f5a
Opcode Fuzzy Hash: c4cc93e41cb1a1743a288b5a3cb714bb6f71cb87e180a9ca81225bcc8f5799df
Instruction Fuzzy Hash: 9A41C4B1F01221DBD310DB69DC8CAAB77F8EF65266F150129FC4982180DB319654CBF5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A9700 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

(FK), xrefs: 1C0A98D3

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: (FK)
API String ID: 0-1642768157
Opcode ID: 5f92abe9c5dc76ce3a54f208b93004dc445cdd0f0fb54f06917615460c7e4c22
Instruction ID: 10bf904441bffcdb7c08de5c4014baf275bc4a1da03cc6248bf44a37e5924626
Opcode Fuzzy Hash: 5f92abe9c5dc76ce3a54f208b93004dc445cdd0f0fb54f06917615460c7e4c22
Instruction Fuzzy Hash: 6E81C27B7052409FE700DF68EC40B6AB3E1FB84235F20476EE54A976A1E732E516DB60

Uniqueness

Uniqueness Score: -1.00%

Function 1C228D80 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 271COMMON

Download Yara Rule

Strings

winOpenShm, xrefs: 1C228FB9
%s-shm, xrefs: 1C228DF2
readonly_shm, xrefs: 1C228F52

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s-shm$readonly_shm$winOpenShm
API String ID: 0-2815843928
Opcode ID: b21b1863751189d832a55bd739056a0de604210396dff4d2685792d154c60cff
Instruction ID: 3bc01dbc19ad6c024f220016eb559301eb35d7e8461ba182dd52c50312554035
Opcode Fuzzy Hash: b21b1863751189d832a55bd739056a0de604210396dff4d2685792d154c60cff
Instruction Fuzzy Hash: 3E91B0B1E00356DBD7109F64CC88B6777B8BF20315F540529FC4A96281EBB6E918CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BEB00 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 187COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0BECCB
%.*s%s, xrefs: 1C0BEC88
%s at line %d of [%.10s], xrefs: 1C0BECDA
database corruption, xrefs: 1C0BECD5

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %.*s%s$%s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-894757972
Opcode ID: 0b4894324ae08fd5734f43a6ea3b6f99e4342fea35388250a76ece496a5aba5b
Instruction ID: 878fd76010120e1bd20e3951d3ef04c2fbeaf68acd3ad4466cff259d192ebe8e
Opcode Fuzzy Hash: 0b4894324ae08fd5734f43a6ea3b6f99e4342fea35388250a76ece496a5aba5b
Instruction Fuzzy Hash: 0861D179A053518BD714CF24C880BABB7E1EF84314F144A6DE869AB351E735FD0ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 1C099DA0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

[%!g,%!g],, xrefs: 1C099E7E
[%!g,%!g]], xrefs: 1C099EC0

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: [%!g,%!g],$[%!g,%!g]]
API String ID: 0-3388633204
Opcode ID: b17c0c62cbd91c00f666580bd05d5bc441ac1c25f6269a2da0187433d979460a
Instruction ID: 6a84d3679bb28b45bffbf61fc3c3604123344f8258630169ca7cb2948366375b
Opcode Fuzzy Hash: b17c0c62cbd91c00f666580bd05d5bc441ac1c25f6269a2da0187433d979460a
Instruction Fuzzy Hash: BC513370A047528BD710CF29C8D4B6BB7F4AF52311F004629FC4E9B291E771A889DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BF330 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 126COMMON

Download Yara Rule

Strings

unable to validate the inverted index for FTS%d table %s.%s: %s, xrefs: 1C0BF418
INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 1C0BF33F
malformed inverted index for FTS%d table %s.%s, xrefs: 1C0BF3F3

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS%d table %s.%s$unable to validate the inverted index for FTS%d table %s.%s: %s
API String ID: 0-2809892521
Opcode ID: 3abc973c673d7ff40b869a0749b3299d1ec211a6ec562bef7f8371c1a2ab353d
Instruction ID: decd493122feb578f04309b845f2cf8564ec789c2b51787d1aaf3bb0ec41e80d
Opcode Fuzzy Hash: 3abc973c673d7ff40b869a0749b3299d1ec211a6ec562bef7f8371c1a2ab353d
Instruction Fuzzy Hash: 4141D1B9E05221DBD300DB299C8CBAF77F8EF61262F044429FC46D2181DB31A559CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C6E30 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 30COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0C6E58
invalid, xrefs: 1C0C6E47
%s at line %d of [%.10s], xrefs: 1C0C6E67
misuse, xrefs: 1C0C6E62
API call with %s database connection pointer, xrefs: 1C0C6E4C

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
API String ID: 0-3670841456
Opcode ID: 9f3719a7a216c60aca3abb4e3b45888f00563fc7a088fff2296c876addf83e7f
Instruction ID: 58ea87f87ea2d479e6313f33ab6593ccf18fbf131401d6df2e895ee00c3796db
Opcode Fuzzy Hash: 9f3719a7a216c60aca3abb4e3b45888f00563fc7a088fff2296c876addf83e7f
Instruction Fuzzy Hash: 74F0E534B44244BBEB24D149CC81BEF3BE72B84B45FA100DEF2656E186C25AB443A679

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C6EB0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 29COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0C6EDB
invalid, xrefs: 1C0C6ECA
%s at line %d of [%.10s], xrefs: 1C0C6EEA
misuse, xrefs: 1C0C6EE5
API call with %s database connection pointer, xrefs: 1C0C6ECF

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
API String ID: 0-3670841456
Opcode ID: 825ea9cef39194aff70accf47a7ea60dca78a66aae574e7d4d6892f84c3df1e2
Instruction ID: 7b0f2d6c7694b95f749e88554467b5ceebe82257535713fca12b559b41dfd40e
Opcode Fuzzy Hash: 825ea9cef39194aff70accf47a7ea60dca78a66aae574e7d4d6892f84c3df1e2
Instruction Fuzzy Hash: 4BF09B30B04684BFFB30D195CC61FEB26D75B80B02F9150E6F2556E5E2E558F4506275

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B30F0 Relevance: 12.2, APIs: 8, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f1926c3b00e99da781c9e4243a357de2ddf6b68f1ff8d5d6b123dbfa391b101
Instruction ID: bde49ee8466d44ab1ddad5b44c9d5f50fd4f48152453d13089d0f96772870047
Opcode Fuzzy Hash: 2f1926c3b00e99da781c9e4243a357de2ddf6b68f1ff8d5d6b123dbfa391b101
Instruction Fuzzy Hash: 5C519276608200AFDB40EB28FC04FDB7BE2EF85720F1945A8F548972B1E731D8959B51

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AB6E0 Relevance: 12.1, APIs: 8, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17ec0cd90cd4c2df4cdf614a6c8dc7975668913b799eaa09b0c88557e860fc1b
Instruction ID: 89c404fb06ee816cdc6f5650672aad9c22ec76abc479e445953d37a162aae5df
Opcode Fuzzy Hash: 17ec0cd90cd4c2df4cdf614a6c8dc7975668913b799eaa09b0c88557e860fc1b
Instruction Fuzzy Hash: 541196F9904510BFD604DB64EC40FAB77E9EF91600F4504A8F84A87211E736FA5DE2B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C107920 Relevance: 10.8, APIs: 7, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
Instruction ID: 2abd06bd30ded47c8d5a581016b4ca23b56d72963b55f8e1781adb48527c2b57
Opcode Fuzzy Hash: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
Instruction Fuzzy Hash: 4AB1BDB5A04202ABD304DF29CD81B9AB7E9FF88214F45462DF948D3711E735F9288BE5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AE260 Relevance: 10.8, APIs: 7, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d9c89ca63912b4e9f42714f816a99f18e54b83138ba7fd3eebadf46484ae63c
Instruction ID: ad7bc2e4c4ba3a217641da023af6b3bda35c93e878bcfda3f4efa1eb44f7d101
Opcode Fuzzy Hash: 9d9c89ca63912b4e9f42714f816a99f18e54b83138ba7fd3eebadf46484ae63c
Instruction Fuzzy Hash: E2A10871A083518FD700CF69C89075ABBE1AF85314F144A6DF8A997392E331ED56CB62

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A5930 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 234COMMON

Download Yara Rule

Strings

CREATE TABLE x(input, token, start, end, position), xrefs: 1C0A5933
simple, xrefs: 1C0A5A38, 1C0A5A84, 1C0A5A95, 1C0A5B27
unknown tokenizer: %s, xrefs: 1C0A5B28

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(input, token, start, end, position)$simple$unknown tokenizer: %s
API String ID: 0-2679805236
Opcode ID: ba7f961bf1272e3e80d7ea6f73cacff6f3690b2b3220d90c8ef2471e71afbc0b
Instruction ID: aba81cf88725492dca2a2ab4d3d255e457b6a9f82f81022fbf0c1e06a6b01631
Opcode Fuzzy Hash: ba7f961bf1272e3e80d7ea6f73cacff6f3690b2b3220d90c8ef2471e71afbc0b
Instruction Fuzzy Hash: 7A71F471A047068FD700CFA9CC84B5AB7E4FF95255F050629EC49DB201EB72E90ACBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1AF0E0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 216COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1AF1DC, 1C1AF31D
%s at line %d of [%.10s], xrefs: 1C1AF1EB, 1C1AF32C
misuse, xrefs: 1C1AF1E6, 1C1AF327
unable to delete/modify user-function due to active statements, xrefs: 1C1AF157, 1C1AF298

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
API String ID: 0-3864549341
Opcode ID: eca46d527902f5ee46222a06f65ad28651c99c3d71cfe8b29840944394bb5ce1
Instruction ID: 717a9d82639655e694d1adb5d5f913c138823d359c5a4aeca10d74f51eeb4445
Opcode Fuzzy Hash: eca46d527902f5ee46222a06f65ad28651c99c3d71cfe8b29840944394bb5ce1
Instruction Fuzzy Hash: 2E6177BD680B816BF3018A21CC45B9F77A5AF41305F014229E8199B2C2E7B9E55BC7F9

Uniqueness

Uniqueness Score: -1.00%

Function 1C1344F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 208COMMON

Download Yara Rule

Strings

col, xrefs: 1C134679
fts5vocab: unknown table type: %Q, xrefs: 1C1346DE
instance, xrefs: 1C1346BF
row, xrefs: 1C1346A1

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: col$fts5vocab: unknown table type: %Q$instance$row
API String ID: 0-195232091
Opcode ID: e1e42181f0ea34ac34d6abcac7e9174c3d8c1617d0aeefc67de489f8eba2eea5
Instruction ID: 29fcb03d2ba796dcd8006e60e49543f520cd746d2dcf4a8c6adda7bc77f5cea5
Opcode Fuzzy Hash: e1e42181f0ea34ac34d6abcac7e9174c3d8c1617d0aeefc67de489f8eba2eea5
Instruction Fuzzy Hash: 1A6119F8FC1261DBD700DF289D8C7663BB4AB6122BB002134DC4997280E774A959CBF6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C09C2 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

cannot UPDATE a subset of columns on fts5 contentless-delete table: %s, xrefs: 1C0C0B3B

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: cannot UPDATE a subset of columns on fts5 contentless-delete table: %s
API String ID: 0-2869280805
Opcode ID: febfdd90ae590a0818ff40d836172c56a1f7f4f857159a533f6fdccef503a013
Instruction ID: d44fe3262ebad6040c89f22db900efcefddde07e4b81ad296d988bc01404a81d
Opcode Fuzzy Hash: febfdd90ae590a0818ff40d836172c56a1f7f4f857159a533f6fdccef503a013
Instruction Fuzzy Hash: 5241B2767013059FD700DF59EC80AAAF3E4FF85229B1046BAF64887611E772E858CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B3F30 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 169COMMON

Download Yara Rule

Strings

remove_diacritics=1, xrefs: 1C0B3FA2
remove_diacritics=2, xrefs: 1C0B4021
separators=, xrefs: 1C0B40A3
remove_diacritics=0, xrefs: 1C0B3FE1
tokenchars=, xrefs: 1C0B406A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: remove_diacritics=0$remove_diacritics=1$remove_diacritics=2$separators=$tokenchars=
API String ID: 0-131617836
Opcode ID: 4f26b2d103f784b9a55318e1e7ee072a6e63bbc1356a75a2c246d15f885271da
Instruction ID: edef8f694c4991de0d9ad662d60548705364fd84513431490faf255b10605aca
Opcode Fuzzy Hash: 4f26b2d103f784b9a55318e1e7ee072a6e63bbc1356a75a2c246d15f885271da
Instruction Fuzzy Hash: F751F87DA041838BE300CF54C44076AB7F1FB51724F9646A8EC466B645DB32EE8AC775

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B1120 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

main, xrefs: 1C0B11A6
rbu_memory, xrefs: 1C0B11F5

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: main$rbu_memory
API String ID: 0-3973752345
Opcode ID: 9d07d0dc50203f6e6db803e9e2a5fcd450eb73a128be5237b9b89a7c675a83bc
Instruction ID: 0c90c16dd93dee33cc306cca084ca08ccbd6ac722c7e1e9c1ac0c0a520c7a75a
Opcode Fuzzy Hash: 9d07d0dc50203f6e6db803e9e2a5fcd450eb73a128be5237b9b89a7c675a83bc
Instruction Fuzzy Hash: 8951FFB9A01701DFDB00CFA9D884B6AB3F8AF55615F10443AED4AE7240DB31E819CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A8C40 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 156COMMON

Download Yara Rule

Strings

winAccess, xrefs: 1C0A8D60
delayed %dms for lock/sharing conflict at line %d, xrefs: 1C0A8D35

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 0-1873940834
Opcode ID: 0043a87dab7c59ae4fe4b5be7ab585ff049ec9005741389b4f515706de930f3d
Instruction ID: fa05c6dbab072bec1974fb6f6f81d0a88bd3ab3d18bc7171c0f10d12e56b4cb3
Opcode Fuzzy Hash: 0043a87dab7c59ae4fe4b5be7ab585ff049ec9005741389b4f515706de930f3d
Instruction Fuzzy Hash: 98412CB2D053519BDB00EFA48885A5FFBF0AFA5310F550B29FC96932D0D730E685C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 1C1B9350 Relevance: 10.6, APIs: 7, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43ace7254fb5aa330386d38af787456a223ee0d94cac6e7fb697b381dbb2a744
Instruction ID: a54ba466959df652abc5f23a0637bc756dc6b929eb78eb80917c467149bcff3e
Opcode Fuzzy Hash: 43ace7254fb5aa330386d38af787456a223ee0d94cac6e7fb697b381dbb2a744
Instruction Fuzzy Hash: C051A1B0E40260DBD7005B74DE8CB3A77B9BF31216F114024EC4AE2191DF35E859DAB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1415C0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 135COMMON

Download Yara Rule

Strings

%!0.15g, xrefs: 1C14160A
null, xrefs: 1C1415EE
JSON cannot hold BLOB values, xrefs: 1C1416D9

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %!0.15g$JSON cannot hold BLOB values$null
API String ID: 0-3074873597
Opcode ID: 4f8d6701516e6b41e56dff7710a1c1c09ac3c1a22ffeb473f59e159426615cd0
Instruction ID: f5eb2f250914865563da9801ce81d577365fd1dbfe4994bca26c958ae0e78238
Opcode Fuzzy Hash: 4f8d6701516e6b41e56dff7710a1c1c09ac3c1a22ffeb473f59e159426615cd0
Instruction Fuzzy Hash: 2341A8B9B807106BF3109B90EC81BEB77B4DB41329F380639E551C5182D3E9E19D83B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B1D50 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

no such database: %s, xrefs: 1C0B1E05
CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN), xrefs: 1C0B1E2C

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN)$no such database: %s
API String ID: 0-1404816483
Opcode ID: bf68c332b51a72995db8f27d3044f391f0de99f8ba02d08ef4d36e357fa87f1d
Instruction ID: fbbf3cee6a738f2856abe9ca4078e12389755b6bdc22822949ef4927b1d39e57
Opcode Fuzzy Hash: bf68c332b51a72995db8f27d3044f391f0de99f8ba02d08ef4d36e357fa87f1d
Instruction Fuzzy Hash: 0031487A640309ABD310DFAADC00B9BB7DCEF85215F010569FD58AB240EA76F90587F5

Uniqueness

Uniqueness Score: -1.00%

Function 1C11C650 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

PRAGMA %Q.data_version, xrefs: 1C11C67C

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: PRAGMA %Q.data_version
API String ID: 0-2870853266
Opcode ID: 21b6d9e78564b244edfc035373b1991f32b9c2ae72d33092df5f868b2890e9c5
Instruction ID: 82e89fe063545c6665c28bbd4dc8c51f8bff89fc9115895cfce9d657051635f4
Opcode Fuzzy Hash: 21b6d9e78564b244edfc035373b1991f32b9c2ae72d33092df5f868b2890e9c5
Instruction Fuzzy Hash: 8C11A4BAB403054BD700EE2AEC40697F7D5EB98222F544539E94496600E736B81DDBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C2705B4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,?,?,?,41CA9FC0,?,1C2706F5,?,?), ref: 1C270675

Strings

api-ms-, xrefs: 1C27060B
ext-ms-, xrefs: 1C27061F

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: bacd0e6a90d583b28bcbece5bdac8d64e8d9725ccca8c1166578e78a814b0fa9
Instruction ID: ae14d22385999f76b862ff3895b44785ea4f2e80f36cd03b4612498e37fc7aaa
Opcode Fuzzy Hash: bacd0e6a90d583b28bcbece5bdac8d64e8d9725ccca8c1166578e78a814b0fa9
Instruction Fuzzy Hash: 94219379A01222E7D7119E65CCD9B9A7778ABA1760F210210FD19E72C0DA34FE08CAF4

Uniqueness

Uniqueness Score: -1.00%

Function 1C1431F0 Relevance: 9.5, APIs: 6, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6076ce93b4b5963af7963259a9044afb9c1907b9b1902765e94cbd16f6d0389
Instruction ID: 8ff4a6ef5e206cd106afeb05257b2a997ee9c0d415c9a14ec32cfcaa0a174754
Opcode Fuzzy Hash: d6076ce93b4b5963af7963259a9044afb9c1907b9b1902765e94cbd16f6d0389
Instruction Fuzzy Hash: A2F13571A453419FD700CF29C9807AABBE0BF44B24FB4466DE8998B381D735E946CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C4E00 Relevance: 9.2, APIs: 6, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c1f11c4a1dc422b9da1937da82e85a1dabc2215578c3d269e17df8dd91b9a27
Instruction ID: f50e05845b9f827445c1ab265c966ea0907100c10cd617d20d7199af6c4e7e85
Opcode Fuzzy Hash: 3c1f11c4a1dc422b9da1937da82e85a1dabc2215578c3d269e17df8dd91b9a27
Instruction Fuzzy Hash: 7281ACB1B04220CBD700CF58D888B6E77F4BB50326F510469FD49D7291EB36E909DBAA

Uniqueness

Uniqueness Score: -1.00%

Function 1C1C73E0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 369COMMON

Download Yara Rule

Strings

SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 1C1C776D
ase, xrefs: 1C1C768D
sqlite_master, xrefs: 1C1C73FD
sqlite_temp_master, xrefs: 1C1C73F2

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master
API String ID: 0-231581592
Opcode ID: caab84ee4da49f18f6295022557a55fda7a855b99c69dd4b8d632147e92433ae
Instruction ID: 4c63a966ad58fff50eec9973c5758e6509b1b1e3f6416b21a52196df8fc0878b
Opcode Fuzzy Hash: caab84ee4da49f18f6295022557a55fda7a855b99c69dd4b8d632147e92433ae
Instruction Fuzzy Hash: AEE103B0B443419FE301CF24C980B9ABBE4BF65304F14462CF98897251E7B5E959CBBA

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B6DA0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 364COMMON

Download Yara Rule

Strings

recursively defined fts5 content table, xrefs: 1C0B6DE2

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: recursively defined fts5 content table
API String ID: 0-437020801
Opcode ID: 18e604c0104533ef51449e1a484830a98d30d70b1a360c786ca498def7f6f18a
Instruction ID: 64e03179531f6ddb7a9861954385128ec04c8077024e369003b68c7646c8e6ef
Opcode Fuzzy Hash: 18e604c0104533ef51449e1a484830a98d30d70b1a360c786ca498def7f6f18a
Instruction Fuzzy Hash: 77D1D079909341CFD704CF19C880756B7E0FF89324F590A6EE889AB241D775E885CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C136180 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 335COMMON

Download Yara Rule

Strings

NEAR, xrefs: 1C13642A
fts5: syntax error near "%.*s", xrefs: 1C136436
expected integer, got "%.*s", xrefs: 1C13648D
fts5 expression tree is too large (maximum depth %d), xrefs: 1C136349

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: NEAR$expected integer, got "%.*s"$fts5 expression tree is too large (maximum depth %d)$fts5: syntax error near "%.*s"
API String ID: 0-2846580575
Opcode ID: f2b77e8b89624ecd842f23cc937598d290f34aca4465f0f13cd1e8f6c149593b
Instruction ID: e20de5026dd0644ddf049082a13ea5e828feeee72f170b5038329b4343c0c123
Opcode Fuzzy Hash: f2b77e8b89624ecd842f23cc937598d290f34aca4465f0f13cd1e8f6c149593b
Instruction Fuzzy Hash: AEC1A2B4984206EFD7218F60CE40B5AF7A4FF08329F05AE19E8495B641E375F564CBB4

Uniqueness

Uniqueness Score: -1.00%

Function 1C0CC0F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 276COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0CC115, 1C0CC160
%s at line %d of [%.10s], xrefs: 1C0CC124, 1C0CC16F
database corruption, xrefs: 1C0CC11F, 1C0CC16A

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: c8972a5f223627dca127abebd8e87baf3818f230a0752dbb560785c58d2cbb7a
Instruction ID: 808352bed524edf71012737aaaeab63fbdf8de609b4d79d7d4db1e3c2f377612
Opcode Fuzzy Hash: c8972a5f223627dca127abebd8e87baf3818f230a0752dbb560785c58d2cbb7a
Instruction Fuzzy Hash: 99A1AC766083019BC704DF69D880A6FBBE1FF88614F4949ADFD489B311E731E905CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C19ABF0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 204COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C19AE0E
%s at line %d of [%.10s], xrefs: 1C19AE1D
misuse, xrefs: 1C19AE18
unable to delete/modify user-function due to active statements, xrefs: 1C19AD61

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
API String ID: 0-3864549341
Opcode ID: 09dc00a05362932c9951dc94ba57b1f1a82cc9fe0fd96ddbf677ae2ee67387e4
Instruction ID: 6519abf0560717563bcf311d3000e7804d11c95a504f0a1e65493f1e2e278adc
Opcode Fuzzy Hash: 09dc00a05362932c9951dc94ba57b1f1a82cc9fe0fd96ddbf677ae2ee67387e4
Instruction Fuzzy Hash: 87511372289340AFDB108E25DD81B6FB7F5EF89355F10092DF58696250D332E8098B72

Uniqueness

Uniqueness Score: -1.00%

Function 1C09A230 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 201COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C09A45F, 1C09A49D
%s at line %d of [%.10s], xrefs: 1C09A46E, 1C09A4AC
misuse, xrefs: 1C09A469, 1C09A4A7

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 6db173d7eec603cfd084a1e2302bc4b80cceba9f4a08faef1f8c522c6fc2cb1f
Instruction ID: 71f3c868a6bbb275c3750a44b5c0e11bb7fc0949b4dba2dcef6ba58aeb0d70d3
Opcode Fuzzy Hash: 6db173d7eec603cfd084a1e2302bc4b80cceba9f4a08faef1f8c522c6fc2cb1f
Instruction Fuzzy Hash: 0371C370605381ABEB11CF24C846BABB7E4AF85308F04852DF85D9B242E775E489D7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AA860 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

argument to %s() is not a valid SQL statement, xrefs: 1C0AA97C
tables_used, xrefs: 1C0AA973, 1C0AA97B
bytecode, xrefs: 1C0AA96E
stmt-pointer, xrefs: 1C0AA928

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: argument to %s() is not a valid SQL statement$bytecode$stmt-pointer$tables_used
API String ID: 0-361449301
Opcode ID: 0dfe2a9d82282ba4e914644c4ba7fc0f4df6a51bfe34d4b1a2b8488e4d701e5d
Instruction ID: d444a92fcd1838e346eddc1a3c2c33e3e48a686235812b188a0a5314a7fb6eca
Opcode Fuzzy Hash: 0dfe2a9d82282ba4e914644c4ba7fc0f4df6a51bfe34d4b1a2b8488e4d701e5d
Instruction Fuzzy Hash: 9E61B0B1A007429FE710CF64D88A756B7F4AB44314F010A2DE886C66C1E776E98DCFB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C1BBF00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 156COMMON

Download Yara Rule

Strings

NEAR, xrefs: 1C1BC03A
fts5: %s queries are not supported (detail!=full), xrefs: 1C1BC043
phrase, xrefs: 1C1BC035, 1C1BC042
fts5 expression tree is too large (maximum depth %d), xrefs: 1C1BC070

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: NEAR$fts5 expression tree is too large (maximum depth %d)$fts5: %s queries are not supported (detail!=full)$phrase
API String ID: 0-593389478
Opcode ID: 30be113ea89a5ac2ef1ec3fa48dba8a3cb62916319adadb99969013c0e580bc5
Instruction ID: d8ab6e8ffb87ad930ebd9fcebdb016b19de162bf549f7eecf93d3b82f26458ea
Opcode Fuzzy Hash: 30be113ea89a5ac2ef1ec3fa48dba8a3cb62916319adadb99969013c0e580bc5
Instruction Fuzzy Hash: 81412535A812169FD324CE25CA90B9AB3B4FF84310F1146ADF84667A10E776EC49CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C23D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 150COMMON

Download Yara Rule

Strings

main, xrefs: 1C0C2491
no such database: %s, xrefs: 1C0C24B4
database %s is locked, xrefs: 1C0C2541
cannot detach database %s, xrefs: 1C0C24C3, 1C0C2547

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: cannot detach database %s$database %s is locked$main$no such database: %s
API String ID: 0-3838832555
Opcode ID: e38aa431fa8c573c0acb4f8710f332e77bf9110ae21518c1df0d83c591c19e3f
Instruction ID: 5a51c6a71bd44531d0dbff934c34d30fe095026d1dbdc8a6983012b7975a644d
Opcode Fuzzy Hash: e38aa431fa8c573c0acb4f8710f332e77bf9110ae21518c1df0d83c591c19e3f
Instruction Fuzzy Hash: BC51CDB5B002019FE714CF05C890B6AB7E5BF88314F11869DE85D8BB91DB35E845CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0DF490 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0DF4B0
unable to delete/modify collation sequence due to active statements, xrefs: 1C0DF533
%s at line %d of [%.10s], xrefs: 1C0DF4BF
misuse, xrefs: 1C0DF4BA

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 0-3348720253
Opcode ID: 16f0d15a901ffad66ec3d157706bef0d812243cd7e8deb8438805425151a713e
Instruction ID: 5b5d7a9a6eba230271f6c0dab6539da1380c13280dfb666991e44f022df00364
Opcode Fuzzy Hash: 16f0d15a901ffad66ec3d157706bef0d812243cd7e8deb8438805425151a713e
Instruction Fuzzy Hash: 2A4127726053409BD700CF28EC80BBEB7E4EF81329F25866EF6549B282D376E5158B71

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C4C00 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN), xrefs: 1C0C4CCB
invalid arguments to fts4aux constructor, xrefs: 1C0C4C9E
temp, xrefs: 1C0C4C3E

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN)$invalid arguments to fts4aux constructor$temp
API String ID: 0-537686372
Opcode ID: 5335c02295c40a71c530266cded3b0056f27ed59b477caf8311dfa18cc6e7e5c
Instruction ID: 8ea661415ea4c5087b2ba8c992342ee39f7df2a332a002b33c548a04077f45ae
Opcode Fuzzy Hash: 5335c02295c40a71c530266cded3b0056f27ed59b477caf8311dfa18cc6e7e5c
Instruction Fuzzy Hash: F54126762002419FCB14CF98D8C0AFA7BE4FF44324F1685E9EC998B212D632E906DB74

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AC2B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

%!.*f, xrefs: 1C0AC3AE

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %!.*f
API String ID: 0-786758813
Opcode ID: 89c2ea97bf156a5e79860f5c34f41510b75289dc41d2201bccdd03035cbcc6ad
Instruction ID: 59936cbfe1021e201d0128fd6c2d5ce30effe58e7fda41da55ab159bd0cf272b
Opcode Fuzzy Hash: 89c2ea97bf156a5e79860f5c34f41510b75289dc41d2201bccdd03035cbcc6ad
Instruction Fuzzy Hash: 66315E76C08E118BD306DE78881239B73E46F42391F064355EC562A102E737E89BC2F6

Uniqueness

Uniqueness Score: -1.00%

Function 1C16EBD0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 103COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C16EC42
%s at line %d of [%.10s], xrefs: 1C16EC51
CREATE , xrefs: 1C16EBFF
database corruption, xrefs: 1C16EC4C

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$CREATE $database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-1360532505
Opcode ID: 5cc09eb4f90b68de5e6165db049d7d2318281f61d0702efffb2ec2241e22cbfb
Instruction ID: e9ed8f3c848ad534a03c1d29a9df4a0a427e7d3d2eab5ac46436e753099babca
Opcode Fuzzy Hash: 5cc09eb4f90b68de5e6165db049d7d2318281f61d0702efffb2ec2241e22cbfb
Instruction Fuzzy Hash: D131AE625453D15FEB110A6A9D40BE37FD1AF4122DF2402BBF8854E943E3A6D1A4C731

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C7050 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 98COMMON

Download Yara Rule

Strings

invalid, xrefs: 1C0C706F
out of memory, xrefs: 1C0C7059, 1C0C70A2
bad parameter or other API misuse, xrefs: 1C0C7083
API call with %s database connection pointer, xrefs: 1C0C7074

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: API call with %s database connection pointer$bad parameter or other API misuse$invalid$out of memory
API String ID: 0-453588374
Opcode ID: 3f1eacdfa96314ea6c45a49a7b681d9b1082fc5ddc6a0963bbf1a35a2cf40ece
Instruction ID: e19498a2784f846e8af95677bdae8b2639c8f0abe7b65f7baf944443872e44ed
Opcode Fuzzy Hash: 3f1eacdfa96314ea6c45a49a7b681d9b1082fc5ddc6a0963bbf1a35a2cf40ece
Instruction Fuzzy Hash: 51315CB1B00740D7E724CA2D9C06BAF23D75F90B15F3945A9EC458B242D625E94BC3BE

Uniqueness

Uniqueness Score: -1.00%

Function 1C1493A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 93COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C149446, 1C14948A
%s at line %d of [%.10s], xrefs: 1C149455, 1C149499
database corruption, xrefs: 1C149450, 1C149494

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 855fd6ebf5de1ffaf07a9b12e50a17539d2868828226a44010822bda0c5984f1
Instruction ID: ce27606874caac598758df62f541d938453d45b2b2dccc3d36c420fc32cc1b73
Opcode Fuzzy Hash: 855fd6ebf5de1ffaf07a9b12e50a17539d2868828226a44010822bda0c5984f1
Instruction Fuzzy Hash: 76314679640B904BD324DF28C990BB3BBF69F85701B6484ADE5C64B786E322F842C770

Uniqueness

Uniqueness Score: -1.00%

Function 1C0D4F40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 91COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0D4F62, 1C0D4FF3
%s at line %d of [%.10s], xrefs: 1C0D4F71, 1C0D5002
database corruption, xrefs: 1C0D4F6C, 1C0D4FFD

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 1dba12c89a85e71316979a59d0bc1a1b9512eb446b23d6c9f90b396b1768363e
Instruction ID: 682cb89f45e25aa1593076a74ccc87e6b40b787dac0934ee30a4ecc8ea2de634
Opcode Fuzzy Hash: 1dba12c89a85e71316979a59d0bc1a1b9512eb446b23d6c9f90b396b1768363e
Instruction Fuzzy Hash: 9E3103B62006416BC301DB29DD80BF6BBF0FF45311F0942A6F458DBA82E329F96097B1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A1C60 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 88COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0A1D3C
unknown database: %s, xrefs: 1C0A1CBD
%s at line %d of [%.10s], xrefs: 1C0A1D4B
misuse, xrefs: 1C0A1D46

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unknown database: %s
API String ID: 0-142545749
Opcode ID: 24ef5c2254a2f5f380ccfa147e38f58a5424538e1b7bbec14b929e0b3f5a0264
Instruction ID: 790e53f8f948b0a055bbaba4a61bc933452ec0e33729e7e6f4a7e7e05edb9562
Opcode Fuzzy Hash: 24ef5c2254a2f5f380ccfa147e38f58a5424538e1b7bbec14b929e0b3f5a0264
Instruction Fuzzy Hash: 532144B9500740BBEB11DAA59C44FDB76E99FD23E8F10052CF85966281D730E906C776

Uniqueness

Uniqueness Score: -1.00%

Function 1C0D3FF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0D407D, 1C0D40A8
%s at line %d of [%.10s], xrefs: 1C0D408C, 1C0D40B7
database corruption, xrefs: 1C0D4087, 1C0D40B2

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: fcee47fd5c0f34f624849e1811ff64435ee9330a7e11b898cbe19d0b3a075a2e
Instruction ID: 358156a0b8a728d36579328f9e2e65cecfce6327adf22019e7584b01fb5db137
Opcode Fuzzy Hash: fcee47fd5c0f34f624849e1811ff64435ee9330a7e11b898cbe19d0b3a075a2e
Instruction Fuzzy Hash: D821C1B66013115BC700EE58DC41AEBBBE0EB84691F424026FD84A7241E239E65987F2

Uniqueness

Uniqueness Score: -1.00%

Function 1C149290 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C14929C, 1C14932A
%s at line %d of [%.10s], xrefs: 1C1492AB, 1C149339
database corruption, xrefs: 1C1492A6, 1C149334

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 0642d4512578add91dd986ce6f515513191b5bcfb2fe6c9627f701be5b6b90bf
Instruction ID: 6489cab17218e4071bf434baebca95d0614931588d994e41b835f3b861d64b67
Opcode Fuzzy Hash: 0642d4512578add91dd986ce6f515513191b5bcfb2fe6c9627f701be5b6b90bf
Instruction Fuzzy Hash: 86214925584BD05BC321DF789D80BE3BBF79F05310B59849DE1D697796E322F4818760

Uniqueness

Uniqueness Score: -1.00%

Function 1C1CC6F0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

Strings

non-deterministic use of %s() in %s, xrefs: 1C1CC732
a generated column, xrefs: 1C1CC722
an index, xrefs: 1C1CC71D
a CHECK constraint, xrefs: 1C1CC714, 1C1CC72B

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
API String ID: 0-3705377941
Opcode ID: 9ff1984a6e4130c1bc4cfbcf6954ee000ef8d63c0399c4b901dc02fab5006438
Instruction ID: 23beb66f7fb2e09c174822a087889e477f7b7870ee5daf30cc636633b56fe4da
Opcode Fuzzy Hash: 9ff1984a6e4130c1bc4cfbcf6954ee000ef8d63c0399c4b901dc02fab5006438
Instruction Fuzzy Hash: E521F0B0B00221DBDB009F28D988AA637B4EF22366F000224FD59D66D0DB35E8A5C7B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B33C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN), xrefs: 1C0B33D6

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN)
API String ID: 0-1935849370
Opcode ID: cd73c4a245c1e003069681760bb3d3b92f702770127a313e294cc905f8476be0
Instruction ID: d870f45518c1b6a4dd3f023969046c20073dd2a47951a0e907ec1246f23df550
Opcode Fuzzy Hash: cd73c4a245c1e003069681760bb3d3b92f702770127a313e294cc905f8476be0
Instruction Fuzzy Hash: 920192397442169BD301DF29E800BCAB3D5EFC5711F158176F6049B280EBB0B48B9BB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C245BC1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,41CA9FC0,?,?,00000000,1C29D1CB,000000FF,?,1C245B30,?,?,1C245ADF,?), ref: 1C245BF6
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 1C245C08
FreeLibrary.KERNEL32(00000000,?,?,00000000,1C29D1CB,000000FF,?,1C245B30,?,?,1C245ADF,?), ref: 1C245C2A

Strings

CorExitProcess, xrefs: 1C245C00
mscoree.dll, xrefs: 1C245BEF

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 62cc1996debbf611cf89457d8cad53cea2f93eb3500dff4373f74f8c28b85f53
Instruction ID: a7817b175d8d3f6eee1d4b4cc240bef11912b512ea723634fa1fc877698fa696
Opcode Fuzzy Hash: 62cc1996debbf611cf89457d8cad53cea2f93eb3500dff4373f74f8c28b85f53
Instruction Fuzzy Hash: A4016272E14639EFDB018F94CD49FBEB7B8FB04B15F104925F811A26D0DB789900CA64

Uniqueness

Uniqueness Score: -1.00%

Function 1C1B6A20 Relevance: 8.0, APIs: 5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 733332d78bb03585a2688b09aee288977d6f459507cb4c630e0c7c8ced32e958
Instruction ID: e426384c56ce321255eb283aa1b1b2c27ded3d852415c4229b2f8cdf0a31b323
Opcode Fuzzy Hash: 733332d78bb03585a2688b09aee288977d6f459507cb4c630e0c7c8ced32e958
Instruction Fuzzy Hash: C7028CB0A44355CBD704CF25CA8872AB7F4BF64315F144A2DEC49A7281DB74E948CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C11AF80 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87b692b9e1e3bc1f5a2b61484fb1de34b4bda3d96376acab9c6119b3204971c7
Instruction ID: 3af4b0374894144137b03f59207997501b6e7c3bb498242f491dd0b503cf6925
Opcode Fuzzy Hash: 87b692b9e1e3bc1f5a2b61484fb1de34b4bda3d96376acab9c6119b3204971c7
Instruction Fuzzy Hash: 21A17FF0E41631DBD7009F75DA8CB6A3774BF21266B050024EC4A9A691DB38E958CBF6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1B73C0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

fts5: syntax error near "%.*s", xrefs: 1C1B751C

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: fts5: syntax error near "%.*s"
API String ID: 0-498961494
Opcode ID: 3aa33ab7074f6e1615bcdc22fce2ede8b713b551e8a1e7021f93a009ce672a25
Instruction ID: f42db0afd7d90fbe974d99f9a314cbaf3dd70a94db28ec7b78482b4e6fd19063
Opcode Fuzzy Hash: 3aa33ab7074f6e1615bcdc22fce2ede8b713b551e8a1e7021f93a009ce672a25
Instruction Fuzzy Hash: 16B19CB0945351DFD310CF24C984B5ABBF8AF95318F18491DE889A7280D774E94ACFB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AF7F0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

integer overflow, xrefs: 1C0AF8ED

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: integer overflow
API String ID: 0-1678498654
Opcode ID: aaa48acd2dc28789fe5991a45981f57bf536d8bf4831fdc95a6c7b11dbdcd99c
Instruction ID: 81b61f35b4cfd3384a29814ebd37ccc5479f28f1159c4c139245ad796a880207
Opcode Fuzzy Hash: aaa48acd2dc28789fe5991a45981f57bf536d8bf4831fdc95a6c7b11dbdcd99c
Instruction Fuzzy Hash: 9D11BE75C047116ADB01EE64AC00B8E37E15F16324F16439DE8591A1E2E760E1DAC3EB

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B82E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

[%d], xrefs: 1C0B84C7

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: [%d]
API String ID: 0-394612830
Opcode ID: b73771352942ba433c3fbf0dd48f5479669d6ef6db95db2dbf13f04250c86dc0
Instruction ID: 16823ae24a4d3cf1690b9e04f7ae5e8c397181524bd6794927102e8a6c41dc04
Opcode Fuzzy Hash: b73771352942ba433c3fbf0dd48f5479669d6ef6db95db2dbf13f04250c86dc0
Instruction Fuzzy Hash: F5711BB9904341AFE720CE60DD80FDBB7E9AF85704F944A1DE985A2591E730F609C772

Uniqueness

Uniqueness Score: -1.00%

Function 1C196180 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 216COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C196387
%s at line %d of [%.10s], xrefs: 1C196396
database corruption, xrefs: 1C196391

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: c55a2f3fdd465f7c527e96f41ec9b8d90ec84713a608dcdb6747dbaa03ba04bd
Instruction ID: fdd30fa6f38f8d23d6a6bd5be74157296b3dbefe204a97dcfab3e0d7c162bf61
Opcode Fuzzy Hash: c55a2f3fdd465f7c527e96f41ec9b8d90ec84713a608dcdb6747dbaa03ba04bd
Instruction Fuzzy Hash: 9971F471A882418BEB44DF14C9C07EA7BE0EF44324F954E99EC89CB282E335E945C772

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A7D30 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

winShmMap3, xrefs: 1C0A7F1D
winShmMap1, xrefs: 1C0A7DC5
winShmMap2, xrefs: 1C0A7E1F

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: winShmMap1$winShmMap2$winShmMap3
API String ID: 0-3826999013
Opcode ID: b1484bd728e186783a23dc3c29ffaac3ad3c613cacd107775d525e6221071bc5
Instruction ID: 00483ef2a5a014d1a400ae8faea86c6e301c5f1ff8fe40503818a5e813db3ebe
Opcode Fuzzy Hash: b1484bd728e186783a23dc3c29ffaac3ad3c613cacd107775d525e6221071bc5
Instruction Fuzzy Hash: 8361CEB16007519FD714CFA9C885A27B7E5AF88300F11896DF98797291EB70E90ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 1C240FC2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 1C240FE7
CatchIt.LIBVCRUNTIME ref: 1C2410CD

Strings

RCC, xrefs: 1C241001
MOC, xrefs: 1C240FF9

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: f7b50c91b7d8d447f057318b3d6ac54574de3a89eb705ef9cedab753c1516804
Instruction ID: e315a768b97a350b11c7cf22886fb744ca80dcab87619e075e7106733cd8c203
Opcode Fuzzy Hash: f7b50c91b7d8d447f057318b3d6ac54574de3a89eb705ef9cedab753c1516804
Instruction Fuzzy Hash: 9C414A75A0028AEFDF19CF94C980AEE7BB5FF48301F348159F918A7261D735A950EB60

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A4CE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

wrong number of vtable arguments, xrefs: 1C133FA9
temp, xrefs: 1C133F91

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: temp$wrong number of vtable arguments
API String ID: 0-2849069181
Opcode ID: 337cf0a2b986256929b61682f25cea93361c9f9b73d45046fe7ad0442be11712
Instruction ID: 59b8b76591d2d62b558254ea42fd45a8ae41138f9eac6bde8a456f4fd2a7f324
Opcode Fuzzy Hash: 337cf0a2b986256929b61682f25cea93361c9f9b73d45046fe7ad0442be11712
Instruction Fuzzy Hash: 105124B9A443058FC710CF24D94059AFBF5BF89318F806A6DE48A57301D336E94ACFA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0D35E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0D35EA
%s at line %d of [%.10s], xrefs: 1C0D35F9
misuse, xrefs: 1C0D35F4

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 1a4f5d4f7ad6588311e5a9ecc5492ee95b43b9496420cfb545dcb43d53c6d927
Instruction ID: 68d18c385558fa9ddf1a2d3580e0aef02075b4b27f4470f294fb3b6d71650bb1
Opcode Fuzzy Hash: 1a4f5d4f7ad6588311e5a9ecc5492ee95b43b9496420cfb545dcb43d53c6d927
Instruction Fuzzy Hash: 5A51B0F5A01711AFDB14CF25C884A6ABBF5BF04B24F0A8268F8595B252D331E914CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 1C1496B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 136COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1497E0
%s at line %d of [%.10s], xrefs: 1C1497EF
database corruption, xrefs: 1C1497EA

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 8843f687095871047a59c1192afee68a9fa5cb2c451a0047895513fa4aa2a949
Instruction ID: fae4d37e0234f8b14343618e63921eb7bc56a4689e4c87c260a698f4422690bf
Opcode Fuzzy Hash: 8843f687095871047a59c1192afee68a9fa5cb2c451a0047895513fa4aa2a949
Instruction Fuzzy Hash: 004179762457D08FD7218F78A4406D3FFE69F41262F2808AED2C58B652E322E486D771

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A0300 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128COMMON

Download Yara Rule

Strings

winWrite2, xrefs: 1C0A043B
winWrite1, xrefs: 1C0A045E
delayed %dms for lock/sharing conflict at line %d, xrefs: 1C0A03FF

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
API String ID: 0-1808655853
Opcode ID: cd28dba7a91abeee9bcadca4ef6e95282dffdafa41be4c9f945eb5108340de92
Instruction ID: 5d6daebd41e075a2e5ab32908b38a78e9bfe808ddefac9bdb1016b08967a827f
Opcode Fuzzy Hash: cd28dba7a91abeee9bcadca4ef6e95282dffdafa41be4c9f945eb5108340de92
Instruction Fuzzy Hash: 4E4124B2A053069FD304DE98C8C096FB7E8FB85214F610A2AF956C6190D371D586CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C215960 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 126COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C215976
%s at line %d of [%.10s], xrefs: 1C215985
misuse, xrefs: 1C215980

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: e9f9e0e639fdbd48f9c10e0eee34da0ad816bcd0286352f883b3fbe49b786612
Instruction ID: 53e7e754dd869b2ff94cf19ace4a0a02d86cbb3f0d0caf047d2c298f051f32c5
Opcode Fuzzy Hash: e9f9e0e639fdbd48f9c10e0eee34da0ad816bcd0286352f883b3fbe49b786612
Instruction Fuzzy Hash: 554117769803529BD710CA55CC80BDAB7E4AF85320F9806A9FC449B241E339E998C3B2

Uniqueness

Uniqueness Score: -1.00%

Function 1C228850 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 1C22895F
os_win.c:%d: (%lu) %s(%s) - %s, xrefs: 1C2288E2

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$os_win.c:%d: (%lu) %s(%s) - %s
API String ID: 0-1037342196
Opcode ID: 3bcf1f37f447acf7a23fe7af9a9d2fc75811909b708bab13057d973762912b3a
Instruction ID: cf148ab0e74be36c091925c3c5a8c3180d6a9f55c836883bb3130935daf3b1ed
Opcode Fuzzy Hash: 3bcf1f37f447acf7a23fe7af9a9d2fc75811909b708bab13057d973762912b3a
Instruction Fuzzy Hash: A5212675608297ABE710DB14C884BFBBBE9AFD4304FA4482CF588C6192C234E8488773

Uniqueness

Uniqueness Score: -1.00%

Function 1C0D5390 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0D53FE
%s at line %d of [%.10s], xrefs: 1C0D540D
database corruption, xrefs: 1C0D5408

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: a400ca509a77a017a7bff07c84e44fc74999f74a847698d8bea608ddc36c5fe9
Instruction ID: 08ca2bd2df94a41a187b1a1558d1b833a3c33e96727ea2622bbefa994ef5f593
Opcode Fuzzy Hash: a400ca509a77a017a7bff07c84e44fc74999f74a847698d8bea608ddc36c5fe9
Instruction Fuzzy Hash: A83186A964279146E321CB3998407F7B7E09F42217F19046AECC9C7682E323F486D3B2

Uniqueness

Uniqueness Score: -1.00%

Function 1C1B7ED0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 111COMMON

Download Yara Rule

Strings

no such tokenizer: %s, xrefs: 1C1B7F1B
error in tokenizer constructor, xrefs: 1C1B7F92

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: error in tokenizer constructor$no such tokenizer: %s
API String ID: 0-815501780
Opcode ID: 5f37a5e3db720af68f7ab4d55422bf1be146016138d39e35070895fc24e3a2f0
Instruction ID: 4cc3f464e2b529124a8b2f00c8c77b6461dd0eb99d55187791da81e431284930
Opcode Fuzzy Hash: 5f37a5e3db720af68f7ab4d55422bf1be146016138d39e35070895fc24e3a2f0
Instruction Fuzzy Hash: 03318E766412158FC721CE19D840B6AB3F4EF85665F1906ADF998EB300E732E805CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C09F000 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

second argument to nth_value must be a positive integer, xrefs: 1C09F0C4

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: second argument to nth_value must be a positive integer
API String ID: 0-2620530100
Opcode ID: d9c05da10de749dbe20f2763b53199c7682ba4007fa12d8a01164b57fe897244
Instruction ID: 725dc413e7e440b165c67bcee9aa1be8fc210b9a53504ae06d4f495aabfff841
Opcode Fuzzy Hash: d9c05da10de749dbe20f2763b53199c7682ba4007fa12d8a01164b57fe897244
Instruction Fuzzy Hash: 163146B69003029BDB00DE15DC4175FB7E4BF80720F044A2CEC6DA6281E732F958A6B2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B05D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON

Download Yara Rule

Strings

rbu/zipvfs setup error, xrefs: 1C0B061A
rbu(%s)/%z, xrefs: 1C0B0697

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: rbu(%s)/%z$rbu/zipvfs setup error
API String ID: 0-199214844
Opcode ID: 11d1941718547498ad91428ea9e847fd1b9a5068e12f853f2963ed62b8d51944
Instruction ID: e384e5d31f55b09e146fa113d0b47d58299d6ad4e63203b260db54e90065315d
Opcode Fuzzy Hash: 11d1941718547498ad91428ea9e847fd1b9a5068e12f853f2963ed62b8d51944
Instruction Fuzzy Hash: E521F3B6A003069FD710CF1ADC80B9AB7E9EFC9724F11447EE95997201DB32F8148BA5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0D5280 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0D52F2
%s at line %d of [%.10s], xrefs: 1C0D5301
database corruption, xrefs: 1C0D52FC

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 9b164a324092955e3d9a95325112322342345863a0b856ac6c3841256a7d99fb
Instruction ID: 60c21213eb831be9ead78f7689c562c4600be6539db7ea1b6073d730a3982668
Opcode Fuzzy Hash: 9b164a324092955e3d9a95325112322342345863a0b856ac6c3841256a7d99fb
Instruction Fuzzy Hash: E1115BB760020067CB105A49FC00EEBBFE5DFC52B2F0A0565FA4856122D223E91593B2

Uniqueness

Uniqueness Score: -1.00%

Function 1C1F8490 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1F84C1
%s at line %d of [%.10s], xrefs: 1C1F84D0
database corruption, xrefs: 1C1F84CB

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 486c247e718f72eef327a6536a94328a511f28e71d6cef58b58f8c110b7ae9f4
Instruction ID: 5bd5a32cf99281c8b571c1fd40137384da4228d862823ade0e12e8d63c8ede6e
Opcode Fuzzy Hash: 486c247e718f72eef327a6536a94328a511f28e71d6cef58b58f8c110b7ae9f4
Instruction Fuzzy Hash: 4E21317A340B519BE7218E58CC80B97B3E5EF85215F10092EFC8A9B351E331F8498BB1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0DFD60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 77COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0DFDE6, 1C0DFE61
%s at line %d of [%.10s], xrefs: 1C0DFE82
database corruption, xrefs: 1C0DFE7D

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 3ad2664b70bbcead36e911ebcc508631d0f24b7a371d2c0fb1ca0b28fd5cce13
Instruction ID: 0875498f474ece0a9d0c4d5e611257d83cb86c9ad9ec8bb950c3afb3535486a9
Opcode Fuzzy Hash: 3ad2664b70bbcead36e911ebcc508631d0f24b7a371d2c0fb1ca0b28fd5cce13
Instruction Fuzzy Hash: 2031F7A81143818AD315CF24C400366BAA1BF15309F65D5DEE8899F7A3E37BC4C7DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0ED6F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

%s%s, xrefs: 1C0ED725

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s%s
API String ID: 0-3252725368
Opcode ID: 888abe0e297d18cb46b9d22fe80c68ff2a4ee893202eec50f379a3dd743706cf
Instruction ID: aaa8dd3f05eaba0537c31cc83356ecd7b27d573a2fab3e64c0b284c884c06ea1
Opcode Fuzzy Hash: 888abe0e297d18cb46b9d22fe80c68ff2a4ee893202eec50f379a3dd743706cf
Instruction Fuzzy Hash: EE1193B5A01260DFD7019B5AD888B6A33F8EF91266F140125FD8886240EB35DA14C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 1C1B6140 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON

Download Yara Rule

Strings

CREATE TABLE %Q.'%q_%q'(%s)%s, xrefs: 1C1B6175
WITHOUT ROWID, xrefs: 1C1B6150, 1C1B6162
fts5: error creating shadow table %q_%s: %s, xrefs: 1C1B6197

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: WITHOUT ROWID$CREATE TABLE %Q.'%q_%q'(%s)%s$fts5: error creating shadow table %q_%s: %s
API String ID: 0-1971204597
Opcode ID: 6f3dc64eda3b6beb6594924c5189a8d3fe4fde85040db398bed534045ee30b0b
Instruction ID: af866664802351687ccc61952c856b6af95225f44e6534cfe2b99b1e077ebeb7
Opcode Fuzzy Hash: 6f3dc64eda3b6beb6594924c5189a8d3fe4fde85040db398bed534045ee30b0b
Instruction Fuzzy Hash: D511C0B1A01110EFDB014F68DC88B6B77B4FBA5356F004428FD49D6181DB31C818DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C13A6B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C13A6C3
%s at line %d of [%.10s], xrefs: 1C13A6D2
database corruption, xrefs: 1C13A6CD

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: e3c41fcc31a252141c4065e28faab684797f88e61201a97be69b9f3083c51737
Instruction ID: 8e6731867ee52e5c37f7c8e6b6249d31fda6c53ed6c9763013723ec4cb959940
Opcode Fuzzy Hash: e3c41fcc31a252141c4065e28faab684797f88e61201a97be69b9f3083c51737
Instruction Fuzzy Hash: 0011BFB6600301AFD700DF99DC80F9BB7E9EFC1261F1508A9F6449B261D376A845CB72

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A2380 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0A23FC
%s at line %d of [%.10s], xrefs: 1C0A240B
misuse, xrefs: 1C0A2406

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 18175987e841c0ca29590f0094d69c1392e482094abf838df91d9a6e60666c06
Instruction ID: 2f0594622a9fdd965329592dd602330713991efa22cce8ad361992641b7b0dd2
Opcode Fuzzy Hash: 18175987e841c0ca29590f0094d69c1392e482094abf838df91d9a6e60666c06
Instruction Fuzzy Hash: 33117C752082129FE718CE5DDC80F9AB7E4AF89304F5244A8F9499B252D731E886DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 1C141F70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

JSON path error near '%q', xrefs: 1C141F92

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: JSON path error near '%q'
API String ID: 0-481711382
Opcode ID: 505b476a79ae8a6eca7232a21d92241cdafb875c67b1edf085a0b98e2348cd77
Instruction ID: c61e0e5b07d721beee5276577fe0b7f582db961fcdce337e077ae63aeae5646e
Opcode Fuzzy Hash: 505b476a79ae8a6eca7232a21d92241cdafb875c67b1edf085a0b98e2348cd77
Instruction Fuzzy Hash: 2C0104727092216FEB209A94CD00BDB7BC4DF41720F30066CF899962D1EB71A80A93F2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A1DF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C0A1E53
%s at line %d of [%.10s], xrefs: 1C0A1E63
misuse, xrefs: 1C0A1E59

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 4f331b39a09a597a709c9c9ae0f3f5b39cf431afec476bf1f507ecbe82600119
Instruction ID: d52256d3b89b60916af1f900bd0fd38d5072b8a3047a615c0c89acf249227e5e
Opcode Fuzzy Hash: 4f331b39a09a597a709c9c9ae0f3f5b39cf431afec476bf1f507ecbe82600119
Instruction Fuzzy Hash: D5110E74708A90EFD304CEA8D848B9BBBF8AF56695F040499F405DB362C374E906C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BF0E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 1C0BF105

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
API String ID: 0-2312637080
Opcode ID: 75a60b70a1c97b301abeb1ba8ba407352b88704c456bef3290880e90a47e96bf
Instruction ID: 81c4cadea6910b6a3fff01433db2d4302a886e7c70137f25aa98f0d517720089
Opcode Fuzzy Hash: 75a60b70a1c97b301abeb1ba8ba407352b88704c456bef3290880e90a47e96bf
Instruction Fuzzy Hash: D1018C3A3042415AD321C66EFC40F9BB7D8EBC4620F05086EF5ADD3201D262A8899671

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C0D70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 1C0C0D87

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
API String ID: 0-2312637080
Opcode ID: a6dba30812b27c7e1282d23395e3defc08770f2e15018f1bf119abf7b4f2519e
Instruction ID: 26de3763966e890fa12cbd5eec74de8c471f6d1539977f708bcd59462f544be1
Opcode Fuzzy Hash: a6dba30812b27c7e1282d23395e3defc08770f2e15018f1bf119abf7b4f2519e
Instruction Fuzzy Hash: 71016D76204300AFE710DA5AEC80F96B7D9EB88714F144458F64DD7240D776BC459775

Uniqueness

Uniqueness Score: -1.00%

Function 1C09EF30 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C09EFA6
%s at line %d of [%.10s], xrefs: 1C09EFB5
misuse, xrefs: 1C09EFB0

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 407765bbe037b00eab6b248cd25ccc744c75a38e6cd9f11b4ab80603ce930511
Instruction ID: be9a3e666750cbb551a1045c80ae9172995a8a4aa98bb9721297ffdd44ab7f4f
Opcode Fuzzy Hash: 407765bbe037b00eab6b248cd25ccc744c75a38e6cd9f11b4ab80603ce930511
Instruction Fuzzy Hash: 9D01CCF1A02621DBD300CF08D848B5B7BF1AB92305F054029E85D6B281D3B1EC49CAE6

Uniqueness

Uniqueness Score: -1.00%

Function 1C109180 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

%s_stat, xrefs: 1C109192

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s_stat
API String ID: 0-920702477
Opcode ID: 3b42032b1724835a12e7012dfd459b11e1c015743aa265c6b50495c52605a94c
Instruction ID: 9d5b3fb9403c5dd46b608e9c1dfd60b94ddcb612fca32ae06e39a80335e2d5d8
Opcode Fuzzy Hash: 3b42032b1724835a12e7012dfd459b11e1c015743aa265c6b50495c52605a94c
Instruction Fuzzy Hash: 28F02732B052923BE7008679BD40B86EBDAAF40170F144625F40CA2104C326BCA163B1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B7F70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN), xrefs: 1C0B7F76

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)
API String ID: 0-3072645960
Opcode ID: 1a816daf0b5de539434b1fb5ee10228d9ac45c682afe519094f437a179442499
Instruction ID: 89ff1fa138a9345b6f96c62860f17ce42173fecf6a27cf485832864ec0bb6b7e
Opcode Fuzzy Hash: 1a816daf0b5de539434b1fb5ee10228d9ac45c682afe519094f437a179442499
Instruction Fuzzy Hash: 64F0F63A64430386D710DF19FC01BC9B7D5AFD0311F190125F948A6280E760E88987B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C24066B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,1C240513,?,?,?,?,?,?,1C2407BD,00000003,FlsSetValue,1C2B7770,1C2B7778), ref: 1C240678
GetLastError.KERNEL32(?,1C240513,?,?,?,?,?,?,1C2407BD,00000003,FlsSetValue,1C2B7770,1C2B7778), ref: 1C240682
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 1C2406AA

Strings

api-ms-, xrefs: 1C24068F

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: fa568477d8f94fa2b07449925b30f089ebc7d8c4805f7b54b858bb8528047b98
Instruction ID: 61edeaf5dc8ab30e8480a0abf4151663f0abdf87bf74b114384b80a25ab2540f
Opcode Fuzzy Hash: fa568477d8f94fa2b07449925b30f089ebc7d8c4805f7b54b858bb8528047b98
Instruction Fuzzy Hash: 95E04FB0740316FBEB101E61DC4AF593BB4AB50B90F308420FE0DE85D1DB76E894DA68

Uniqueness

Uniqueness Score: -1.00%

Function 1C196B50 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C196B50
cannot open file, xrefs: 1C196B59
%s at line %d of [%.10s], xrefs: 1C196B5E

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$cannot open file$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-1799306995
Opcode ID: de3ff7d5297927bd4604531be2985e37df4c3349ba8991c7ce800b2f2bd26918
Instruction ID: 92f708fdedfcd992e16ae20b7017c3163e5470637c6b016e7737a1f79c0af10e
Opcode Fuzzy Hash: de3ff7d5297927bd4604531be2985e37df4c3349ba8991c7ce800b2f2bd26918
Instruction Fuzzy Hash: B2B0929A50028037DA027994CC01FC7AC716790AC0F8288A5B159392B6E0DAE090A272

Uniqueness

Uniqueness Score: -1.00%

Function 1C19A570 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C19A570
%s at line %d of [%.10s], xrefs: 1C19A57E
database corruption, xrefs: 1C19A579

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 2fd2ef9d59ad86a7ab8edc5fe096fa096016b061c72e1a0233f464cfd0ee330f
Instruction ID: 19752af2c3a75119e0a371599c7fc544470b3c4c8cce1d4904ef2fdc6985480e
Opcode Fuzzy Hash: 2fd2ef9d59ad86a7ab8edc5fe096fa096016b061c72e1a0233f464cfd0ee330f
Instruction Fuzzy Hash: FFB092A950034033DA0271948D01FC7BC715790AC0F8288A4B1093A2E2E2A9A450A2B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1CC1F0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1C1CC1F0
%s at line %d of [%.10s], xrefs: 1C1CC1FE
misuse, xrefs: 1C1CC1F9

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 02905679375f024bf9558b25b95f01b782bfa7963d80f155796927ed0174bdf8
Instruction ID: 0c56e18e614db597fb27c574fd08b9c36ae3189b547bb728745ac80649b524fb
Opcode Fuzzy Hash: 02905679375f024bf9558b25b95f01b782bfa7963d80f155796927ed0174bdf8
Instruction Fuzzy Hash: 46B092A9510A48B7DB0261848C81FCBA8719BD07C6F8284A8B2697D2A6E0A9A0507272

Uniqueness

Uniqueness Score: -1.00%

Function 1C0F25E0 Relevance: 6.4, APIs: 4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 260277ab85b882c87b5eb84f7ee453a467b73ca9f46a80da1a51c1b003394efa
Instruction ID: 71164f7bf8dced26636c28ee921f62f7563a32e83171cb7818037d94959f926e
Opcode Fuzzy Hash: 260277ab85b882c87b5eb84f7ee453a467b73ca9f46a80da1a51c1b003394efa
Instruction Fuzzy Hash: 32D193B0F05321DBD700DF65C98CB6A77F8BB64216F040529ED49C2281EB75E999CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 1C2867F5 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(41CA9FC0,00000000,00000000,?), ref: 1C286858
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 1C286AAA
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1C286AF0
GetLastError.KERNEL32 ref: 1C286B93

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: b89154e70846c1217e3341740718ffad755c90a7d9ef647a1fb91b79d03492ca
Instruction ID: 064447de4b07a281f79dcaf617df0bfa57eea1510b0a64d944db27a4fe0b9aef
Opcode Fuzzy Hash: b89154e70846c1217e3341740718ffad755c90a7d9ef647a1fb91b79d03492ca
Instruction Fuzzy Hash: 6CD18CB5E01259DFDB10CFE8C884AEDBBF5EF08714F24416AE855EB381D630A946CB60

Uniqueness

Uniqueness Score: -1.00%

Function 1C138EB0 Relevance: 6.2, APIs: 4, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 682f97129a381f591196e6e7e4bdb7b1654a2d5f85293014cfa22e26a458ad42
Instruction ID: ea6de86b326ed420771b773255b6224ad20167037c0995fb101be2817a0e8d1a
Opcode Fuzzy Hash: 682f97129a381f591196e6e7e4bdb7b1654a2d5f85293014cfa22e26a458ad42
Instruction Fuzzy Hash: BB515A716443C24FE710CF75994479AFBED9F4122AF0926AAE8C48B242E36ED588C371

Uniqueness

Uniqueness Score: -1.00%

Function 1C0B7DA0 Relevance: 6.2, APIs: 4, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c89a9312762b0d75e58a0e35e1730e1ef013d031eea00299d43cd9f45892480
Instruction ID: 4aa1fd815c8e1347bf138f6acc861fa09fb5ae34ecd5a12f2736a9d65c23e914
Opcode Fuzzy Hash: 7c89a9312762b0d75e58a0e35e1730e1ef013d031eea00299d43cd9f45892480
Instruction Fuzzy Hash: 8841DC7A6012019FE314CF19D980B56F7E0FF88324F28456AE9468BA22D772F855CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BCAE0 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e05aeaf736107a053678c57906d5cc4ff8ce778583b176acde2ff07b950022
Instruction ID: 714f5492f139db16d8d161932d3e1cc21757d6e58aa94f11ecd50f86f7264b55
Opcode Fuzzy Hash: 24e05aeaf736107a053678c57906d5cc4ff8ce778583b176acde2ff07b950022
Instruction Fuzzy Hash: 1F31ADBAB052019FE710CF69D840B9AB3E4FB84721F10097AE909DB650E321E958DBB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BB1F0 Relevance: 6.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
Instruction ID: 31f8bee3cc31b989367df3502b39e643c3de4c35f872a3dd08a83b357725e8bf
Opcode Fuzzy Hash: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
Instruction Fuzzy Hash: FC317C79504F819BD720DB29E84079BB7E0BF95314F048A6DD99A96E00D372F48887B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C12CFE0 Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
Instruction ID: ebdaeecec93ea8bf943204f020306a2a2f27ee80bc45d9872f3721eef9880386
Opcode Fuzzy Hash: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
Instruction Fuzzy Hash: AF21AE756407059FD750EF68C880A9ABBE0EB98700FA0082DE98593221E231F55C8BA6

Uniqueness

Uniqueness Score: -1.00%

Function 1C28F4CA Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,00000000,?,?,00000000), ref: 1C28F4E0
GetLastError.KERNEL32(?,?,?,?), ref: 1C28F4ED
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 1C28F513
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 1C28F539

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: ed566a54b22f4ad7f935e593654d02353d3b26e1f2ba5c4a873efdcae6e88f8b
Instruction ID: c9dd26e31b52dcbb56e50601758d9563e092ffd3b46852c26f89fe23d66bb5f9
Opcode Fuzzy Hash: ed566a54b22f4ad7f935e593654d02353d3b26e1f2ba5c4a873efdcae6e88f8b
Instruction Fuzzy Hash: AC1115B190112AEBDB109F65CC49DDE3FB9EB04760F208145FA24A61E0D7719A50DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 1C092ABD Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 1C291382
GetLastError.KERNEL32 ref: 1C29138E
___initconout.LIBCMT ref: 1C29139E

Part of subcall function 1C291303: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1C2913A3), ref: 1C291316

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 1C2913B3

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID: ConsoleWrite$CreateErrorFileLast___initconout
String ID:
API String ID: 3431868840-0
Opcode ID: 2f29f04bbc17f662667dc21e183f7bbb508ffb530a08ed43dd1882fcffc8e2fa
Instruction ID: 806e425e3a478c268dc8d1239d005ea6768f525e935cbf8574e0367e03e42227
Opcode Fuzzy Hash: 2f29f04bbc17f662667dc21e183f7bbb508ffb530a08ed43dd1882fcffc8e2fa
Instruction Fuzzy Hash: 31F0A736A00176FFCF122FD7CC4DD993F71FB046A1F214114FD1985154CA3288209BA8

Uniqueness

Uniqueness Score: -1.00%

Function 1C0ABE80 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 1C0AC1B5

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 4d98bc2b205761c83dda74cea0082b36f150c5e30b7f97c4c158ae1e7498a384
Instruction ID: 292968b35095f8e03d7ba6a98e7dc02aaae58e8cc13cee33b50b180cb73447f1
Opcode Fuzzy Hash: 4d98bc2b205761c83dda74cea0082b36f150c5e30b7f97c4c158ae1e7498a384
Instruction Fuzzy Hash: 3FA15D75609B868FE704CEA98C40756B7D1AF8A220F1A0B5DF8A1473D1E772D487CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 1C217300 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 242COMMON

Download Yara Rule

Strings

%!.15g, xrefs: 1C2175C3
-, xrefs: 1C217538

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %!.15g$-
API String ID: 0-583212262
Opcode ID: 095d56a3940f9762f04bda31c604b346bf978ec6c0b70154fadee7f3471c69d4
Instruction ID: b160968fff001eb64ef5312426e59add365658435c8d13b6e83c0fac0d3fe66e
Opcode Fuzzy Hash: 095d56a3940f9762f04bda31c604b346bf978ec6c0b70154fadee7f3471c69d4
Instruction Fuzzy Hash: 93917A71A083468FD304DF6DD89175AFBE0EBC8304F14492DE989CB351E7B9D8098BA2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0DCBF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 1C0DCE39

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 92a98226a5567aeec0e3e1e4469205d72dca542b27eb20c77871ef952db9efc4
Instruction ID: 6f4e7a848f4bc567a7468be628cff2a1ab7d24c9e9824efeae0fd6283abd0075
Opcode Fuzzy Hash: 92a98226a5567aeec0e3e1e4469205d72dca542b27eb20c77871ef952db9efc4
Instruction Fuzzy Hash: 198137B5A043158FDB00CF18DC41B6BB7E5BF84310F2A0A68FA8597291E375E949C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C1B78F0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 214COMMON

Download Yara Rule

Strings

?, xrefs: 1C1B794A
*, xrefs: 1C1B7982

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: *$?
API String ID: 0-2367018687
Opcode ID: 324d222b2c367ac81af2a7fe2762570a8a984a8968ab5e29537b675a1cd26d5b
Instruction ID: 47b4e418f86f46165ef606be5b28ec7b773a02825b3a71de0c0897d68fbcd35e
Opcode Fuzzy Hash: 324d222b2c367ac81af2a7fe2762570a8a984a8968ab5e29537b675a1cd26d5b
Instruction Fuzzy Hash: CC71F2B0A483518FD3118F29C98472BBBF6AB85210F5C496DE885E7301D775EA468FF2

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AC8E0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206COMMON

Download Yara Rule

Strings

ESCAPE expression must be a single character, xrefs: 1C0ACA43
LIKE or GLOB pattern too complex, xrefs: 1C0AC94F

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 0-264706735
Opcode ID: 223182a10058f489ae55d62db707a117bf73bbe7d0a6db3ca75579872d0d341a
Instruction ID: 28599d16bf94eb763a0b5ac3390205c370dfbbafdf715ab0a0990dbdaf7d822c
Opcode Fuzzy Hash: 223182a10058f489ae55d62db707a117bf73bbe7d0a6db3ca75579872d0d341a
Instruction Fuzzy Hash: E161BE759042914FEB04CF94C885BB977D1AB41368F2A429CF8A29F2D2D677C487C3B0

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AD0F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 1C0AD213

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: be5be008c6585a187b11e6f10d0e30e2a16505cd1928a21ede2fdaa5aa64efb1
Instruction ID: 307af29e9d02d84be282f60c7fd3661e4d36ac30e74e3517fdc207bc29db1272
Opcode Fuzzy Hash: be5be008c6585a187b11e6f10d0e30e2a16505cd1928a21ede2fdaa5aa64efb1
Instruction Fuzzy Hash: CD4159729043419FE710CA68AC417DA7BD6EF61320F140A38EDA5533D2D62AE60ED3B3

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A55D0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 1C0A56D1
winDelete, xrefs: 1C0A569C

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 0-1405699761
Opcode ID: 71aebaef46f953523a089b8235628ce2dbb9235aa956879de7b4a11b71cf66bd
Instruction ID: 14015a9442ffac672da696b1d37159bae6d513395b9d5de93f50eec18a252ce0
Opcode Fuzzy Hash: 71aebaef46f953523a089b8235628ce2dbb9235aa956879de7b4a11b71cf66bd
Instruction Fuzzy Hash: 7E311CB1F01621CBE710AAB89DCC56A77ECB761272B110625ED17C71E1D722C849C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 1C0AD300 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 1C0AD3D5

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 5367f0f0ba5656b5ec8875dc77bf53b2f91410c92b7dbffe1240f3074c2f6f8e
Instruction ID: 15013fe183379e6483a5ea18fb053a71e904d054e6f0a14a8d742b81ec06436d
Opcode Fuzzy Hash: 5367f0f0ba5656b5ec8875dc77bf53b2f91410c92b7dbffe1240f3074c2f6f8e
Instruction Fuzzy Hash: 723172B79083645BD700CB556C00BA677D59B81324F280268FD556F3C2D267EC1BD3B2

Uniqueness

Uniqueness Score: -1.00%

Function 1C18DEE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

Strings

SELECT tbl,idx,stat FROM %Q.sqlite_stat1, xrefs: 1C18DF4F
sqlite_stat1, xrefs: 1C18DF30

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: SELECT tbl,idx,stat FROM %Q.sqlite_stat1$sqlite_stat1
API String ID: 0-3572622772
Opcode ID: 4df5633dccfe44bcb28d4d31e934736b8179d6398c25a6fcbc365105ec924df4
Instruction ID: 4402d9deff1eb68da43ef5776e6b16bd6256330e853c65e3922a771f5bd64af8
Opcode Fuzzy Hash: 4df5633dccfe44bcb28d4d31e934736b8179d6398c25a6fcbc365105ec924df4
Instruction Fuzzy Hash: ED21F875A493525FDB10EE26DC80E6BB7A4AF81724B4542ACFC4497251D320FC06DFB6

Uniqueness

Uniqueness Score: -1.00%

Function 1C227E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

OsError 0x%lx (%lu), xrefs: 1C227ED9

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: OsError 0x%lx (%lu)
API String ID: 0-3720535092
Opcode ID: ce3b57764310bc7038b3c26e8c7e44feec0e665c369b63ca60ad23b995a6c104
Instruction ID: a49de4c507fe13eab1220b5469cc8f5208855f2c90c0e24101c29de5c6e2ec22
Opcode Fuzzy Hash: ce3b57764310bc7038b3c26e8c7e44feec0e665c369b63ca60ad23b995a6c104
Instruction Fuzzy Hash: 8A21B3B1B05221EBE7009BA4DC8DF6B37B9EF11666F204428FD4AD1190DB70D914D7B6

Uniqueness

Uniqueness Score: -1.00%

Function 1C09141F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

GetXStateFeaturesMask, xrefs: 1C270E34
InitializeCriticalSectionEx, xrefs: 1C270E84

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
API String ID: 0-4196971266
Opcode ID: 5309ba0cbdaf47ee26511f3384902d9b0203d94b20edf3f069835eb9a8292023
Instruction ID: 4f0987bbb3aa0d20c1060a64014f1951f5e895a184c4ddfe4c26fb4753430685
Opcode Fuzzy Hash: 5309ba0cbdaf47ee26511f3384902d9b0203d94b20edf3f069835eb9a8292023
Instruction Fuzzy Hash: BB01DF3AA00268B7CB117A918C09FDF7F26EB607B1F104011FE1C3A210DA729C24A6F0

Uniqueness

Uniqueness Score: -1.00%

Function 1C0BF740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';, xrefs: 1C0BF752

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';
API String ID: 0-2071071404
Opcode ID: 1af5cd716c0ef84db8bd32cbf29ba957394cf64092661ed6aba7704ea13aa6b9
Instruction ID: 8a337866f7ee482cbf0a6ca5711bd0475ab55ba2c523de8bbb4c67d4ca84b014
Opcode Fuzzy Hash: 1af5cd716c0ef84db8bd32cbf29ba957394cf64092661ed6aba7704ea13aa6b9
Instruction Fuzzy Hash: C61182B9A40111EBE200D7A9DC8CFBB33F8EB65256F10016DFD0993181EB61A945C6B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C5350 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

F, xrefs: 1C0C539B

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: ab059d84d80e3871d38e8eff03886603eff26b87a58259f3d275868d1eca8b2f
Instruction ID: 5e7e41a274891a80348ee85080c8c1949ceb849d9878c9edd2843068140acb04
Opcode Fuzzy Hash: ab059d84d80e3871d38e8eff03886603eff26b87a58259f3d275868d1eca8b2f
Instruction Fuzzy Hash: 9B1160B56083408BD704DF15C45179FB7E4AFD8218F84486EE98A87290E779E508CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 1C0EEFE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

SELECT %s WHERE rowid = ?, xrefs: 1C0EF017

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: SELECT %s WHERE rowid = ?
API String ID: 0-866778640
Opcode ID: 6f4e74d412bb852ed540808bdadcb1d3017824c66d5bf46cb2f9276631bc2644
Instruction ID: dfe02ef4a5cdaf721717260b98c54ec32e8b350c976d1498f97d5ba03283e50b
Opcode Fuzzy Hash: 6f4e74d412bb852ed540808bdadcb1d3017824c66d5bf46cb2f9276631bc2644
Instruction Fuzzy Hash: 3411253220134A9FD7208B9AEC40F96F7D4EB40321F10862EF55A96A40E772B4559BB0

Uniqueness

Uniqueness Score: -1.00%

Function 1C0C7200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON

Download Yara Rule

Strings

invalid, xrefs: 1C0C721B
API call with %s database connection pointer, xrefs: 1C0C7220

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: API call with %s database connection pointer$invalid
API String ID: 0-3574585026
Opcode ID: 8c12f3713f6e2db454fac3f0423658bd97ccb33af4b6919104798d0d496d5c15
Instruction ID: d006072d7d896640a16ab13ffdc6e481e16a47e4ffae5bc26e455faf88a1a63d
Opcode Fuzzy Hash: 8c12f3713f6e2db454fac3f0423658bd97ccb33af4b6919104798d0d496d5c15
Instruction Fuzzy Hash: CBF04670F026209BD620862CAC14BAB73EB5F50721F1005D5F7A6922E0CA20F844C6B5

Uniqueness

Uniqueness Score: -1.00%

Function 1C0A85B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

CREATE TABLE x(sql,ncol,ro,busy,nscan,nsort,naidx,nstep,reprep,run,mem), xrefs: 1C0A85B6

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(sql,ncol,ro,busy,nscan,nsort,naidx,nstep,reprep,run,mem)
API String ID: 0-3640693396
Opcode ID: d8d190f12627e7851e75d67fff70e8457d8acb36237d064c676410dc9f4cb20b
Instruction ID: b2fd54d0e11aeaab5c2caa2bfa680edc22c1e36bdc0a46dc0977ed9cd2920646
Opcode Fuzzy Hash: d8d190f12627e7851e75d67fff70e8457d8acb36237d064c676410dc9f4cb20b
Instruction Fuzzy Hash: 61F090316442118BD2019B6EF800BCAA7D89FD1665F064266F808DB250E7A0FD86CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 1C09B224 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 11COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1C09B238
misuse, xrefs: 1C09B233

Memory Dump Source

Source File: 00000002.00000002.2865973155.000000001C098000.00000020.00001000.00020000.00000000.sdmp, Offset: 1C090000, based on PE: true

Associated: 00000002.00000002.2865947683.000000001C090000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C091000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C1F6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2865973155.000000001C29D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C29F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866592899.000000001C2A8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866728997.000000001C2D2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2866748482.000000001C2DF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1c090000_RegAsm.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$misuse
API String ID: 0-2530468415
Opcode ID: 1f127f41995596af39d17dc3701aeb929bf20ec0ebefc407cf1d48ca1d1395ad
Instruction ID: c6e32a80ab0f13bcc6e5f8fc50e48b5f9becdb8f8c8bde15914f91ccab59f7b3
Opcode Fuzzy Hash: 1f127f41995596af39d17dc3701aeb929bf20ec0ebefc407cf1d48ca1d1395ad
Instruction Fuzzy Hash: 52C01261540349E7CB01DED4AC41ECB67309F90B94B4181A1BA382908A9264916D5265

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BGDAAKJJ

C:\ProgramData\BKKFHIEG

C:\ProgramData\BKKFHIEGDHJKECAAKKEBAFIJKF

C:\ProgramData\CGDGCFBA

C:\ProgramData\CGHCGIID

C:\ProgramData\GIJECGDGCBKECAKFBGCA

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680449169[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Function 00E051FB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Function 00DF1379 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 287
COMMON

Function 00E00143 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Function 00E07965 Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Function 00DF53C9 Relevance: 3.1, APIs: 2, Instructions: 116
COMMON

Function 00E07567 Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Function 00E04EE6 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Function 00DF3D0A Relevance: 3.0, APIs: 2, Instructions: 31
memoryCOMMON

Function 00E052C6 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre