Edit tour

Windows Analysis Report
vjYcExA6ou.exe

Overview

General Information

Sample name:	vjYcExA6ou.exe renamed because original name is a hash value
Original sample name:	c5f20b0cb835adff91c281ba3e9995e3.exe
Analysis ID:	1464859
MD5:	c5f20b0cb835adff91c281ba3e9995e3
SHA1:	b7edfc4fb9befe9acf241e423741e27d68dfd832
SHA256:	416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b
Tags:	32exetrojan
Infos:

Detection

PureLog Stealer, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected Vidar stealer

.NET source code contains method to dynamically call methods (often used by packers)

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to harvest and steal browser information (history, passwords, etc)

Writes to foreign memory regions

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

vjYcExA6ou.exe (PID: 5504 cmdline: "C:\Users\user\Desktop\vjYcExA6ou.exe" MD5: C5F20B0CB835ADFF91C281BA3E9995E3)

MSBuild.exe (PID: 5548 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 1892 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 6332 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 3396 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "04528874bc19972336f89c7a55ea182c"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
vjYcExA6ou.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
vjYcExA6ou.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000000.2007705675.0000000000932000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Process Memory Space: vjYcExA6ou.exe PID: 5504	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: vjYcExA6ou.exe PID: 5504	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: vjYcExA6ou.exe PID: 5504	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: MSBuild.exe PID: 3396	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 3396	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: MSBuild.exe PID: 3396	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author
5.2.MSBuild.exe.400000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.vjYcExA6ou.exe.4382790.7.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.vjYcExA6ou.exe.441d610.5.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.vjYcExA6ou.exe.43e9be0.9.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.vjYcExA6ou.exe.441d610.5.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
5.2.MSBuild.exe.400000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.vjYcExA6ou.exe.43e9be0.9.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.vjYcExA6ou.exe.434ed60.11.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.vjYcExA6ou.exe.434ed60.11.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.0.vjYcExA6ou.exe.930000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.0.vjYcExA6ou.exe.930000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 7 entries

Sigma Signatures

System Summary

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 149.154.167.99, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 3396, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49706

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199707802586	Avira URL Cloud: Label: malware
Source: https://t.me/g067n	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "04528874bc19972336f89c7a55ea182c"}

Multi AV Scanner detection for submitted file

Source: vjYcExA6ou.exe	ReversingLabs: Detection: 18%
Source: vjYcExA6ou.exe	Virustotal: Detection: 20%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Sample uses string decryption to hide its real strings

Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: INSERT_KEY_HERE
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetProcAddress
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: LoadLibraryA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: lstrcatA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: OpenEventA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CreateEventA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CloseHandle
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Sleep
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetUserDefaultLangID
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: VirtualAllocExNuma
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: VirtualFree
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetSystemInfo
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: VirtualAlloc
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: HeapAlloc
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetComputerNameA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: lstrcpyA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetProcessHeap
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetCurrentProcess
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: lstrlenA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ExitProcess
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GlobalMemoryStatusEx
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetSystemTime
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SystemTimeToFileTime
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: advapi32.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: gdi32.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: user32.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: crypt32.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ntdll.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetUserNameA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CreateDCA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetDeviceCaps
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ReleaseDC
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CryptStringToBinaryA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sscanf
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: NtQueryInformationProcess
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: VMwareVMware
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: HAL9TH
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: JohnDoe
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: DISPLAY
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %hu/%hu/%hu
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetEnvironmentVariableA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetFileAttributesA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GlobalLock
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: HeapFree
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetFileSize
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GlobalSize
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: IsWow64Process
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Process32Next
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetLocalTime
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: FreeLibrary
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetTimeZoneInformation
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetSystemPowerStatus
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetVolumeInformationA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetWindowsDirectoryA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Process32First
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetLocaleInfoA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetUserDefaultLocaleName
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetModuleFileNameA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: DeleteFileA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: FindNextFileA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: LocalFree
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: FindClose
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SetEnvironmentVariableA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: LocalAlloc
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetFileSizeEx
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ReadFile
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SetFilePointer
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: WriteFile
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CreateFileA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: FindFirstFileA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CopyFileA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: VirtualProtect
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetLastError
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: lstrcpynA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: MultiByteToWideChar
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GlobalFree
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: WideCharToMultiByte
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GlobalAlloc
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: OpenProcess
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: TerminateProcess
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetCurrentProcessId
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: gdiplus.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ole32.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: bcrypt.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: wininet.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: shlwapi.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: shell32.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: psapi.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: rstrtmgr.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CreateCompatibleBitmap
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SelectObject
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: BitBlt
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: DeleteObject
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CreateCompatibleDC
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GdipGetImageEncodersSize
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GdipGetImageEncoders
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GdiplusStartup
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GdiplusShutdown
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GdipSaveImageToStream
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GdipDisposeImage
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GdipFree
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetHGlobalFromStream
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CreateStreamOnHGlobal
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CoUninitialize
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CoInitialize
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CoCreateInstance
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: BCryptDecrypt
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: BCryptSetProperty
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: BCryptDestroyKey
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetWindowRect
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetDesktopWindow
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetDC
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CloseWindow
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: wsprintfA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: EnumDisplayDevicesA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetKeyboardLayoutList
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CharToOemW
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: wsprintfW
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RegQueryValueExA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RegEnumKeyExA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RegOpenKeyExA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RegCloseKey
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RegEnumValueA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CryptBinaryToStringA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CryptUnprotectData
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SHGetFolderPathA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ShellExecuteExA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: InternetOpenUrlA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: InternetConnectA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: InternetCloseHandle
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: InternetOpenA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: HttpSendRequestA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: HttpOpenRequestA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: InternetReadFile
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: InternetCrackUrlA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: StrCmpCA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: StrStrA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: StrCmpCW
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: PathMatchSpecA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: GetModuleFileNameExA
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RmStartSession
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RmRegisterResources
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RmGetList
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: RmEndSession
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3_open
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3_prepare_v2
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3_step
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3_column_text
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3_finalize
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3_close
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3_column_bytes
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3_column_blob
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: encrypted_key
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: PATH
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: NSS_Init
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: NSS_Shutdown
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: PK11_FreeSlot
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: PK11_Authenticate
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: PK11SDR_Decrypt
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: C:\ProgramData\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Soft:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: profile:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Host:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Login:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Password:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Opera
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: OperaGX
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Network
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Cookies
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: .txt
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: TRUE
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: FALSE
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Autofill
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SELECT name, value FROM autofill
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: History
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Name:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Month:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Year:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Card:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Cookies
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Login Data
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Web Data
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: History
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: logins.json
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: formSubmitURL
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: usernameField
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: encryptedUsername
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: encryptedPassword
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: guid
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: cookies.sqlite
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: formhistory.sqlite
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: places.sqlite
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Plugins
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Local Extension Settings
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Sync Extension Settings
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: IndexedDB
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Opera Stable
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Opera GX Stable
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: CURRENT
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: chrome-extension_
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: _0.indexeddb.leveldb
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Local State
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: profiles.ini
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: chrome
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: opera
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: firefox
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Wallets
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %08lX%04lX%lu
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ProductName
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ProcessorNameString
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: DisplayName
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: DisplayVersion
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: freebl3.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: mozglue.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: msvcp140.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: nss3.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: softokn3.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: vcruntime140.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \Temp\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: .exe
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: runas
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: open
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: /c start
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %DESKTOP%
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %APPDATA%
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %LOCALAPPDATA%
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %USERPROFILE%
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %DOCUMENTS%
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %PROGRAMFILES%
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %PROGRAMFILES_86%
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: %RECENT%
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: *.lnk
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Files
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \discord\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \Local Storage\leveldb
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \Telegram Desktop\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: key_datas
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: D877F783D5D3EF8C*
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: map*
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: A7FDF864FBC10B77*
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: F8806DD0C461824F*
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Telegram
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: *.tox
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: *.ini
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Password
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: 00000001
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: 00000002
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: 00000003
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: 00000004
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \Outlook\accounts.txt
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Pidgin
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \.purple\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: accounts.xml
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: dQw4w9WgXcQ
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: token:
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Software\Valve\Steam
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: SteamPath
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \config\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ssfn*
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: config.vdf
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: DialogConfig.vdf
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: libraryfolders.vdf
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: loginusers.vdf
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \Steam\
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: sqlite3.dll
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: browsers
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: done
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Soft
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: \Discord\tokens.txt
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: https
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: POST
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: HTTP/1.1
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: hwid
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: build
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: token
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: file_name
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: file
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: message
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack	String decryptor: screenshot.jpg

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00407E41 CryptUnprotectData,LocalAlloc,LocalFree,	5_2_00407E41
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0041302D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	5_2_0041302D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00407DC2 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	5_2_00407DC2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040AB80 memset,lstrlenA,CryptStringToBinaryA,memcpy,lstrcatA,lstrcatA,lstrcatA,	5_2_0040AB80

Source: vjYcExA6ou.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49706 version: TLS 1.2

Source: vjYcExA6ou.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: kernelsoft.pdb source: vjYcExA6ou.exe
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\IeEPZ.pdb source: vjYcExA6ou.exe, 00000000.00000002.2017275765.0000000005A00000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: PE.pdbH] source: vjYcExA6ou.exe, 00000000.00000002.2014897676.0000000003281000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014839130.0000000003250000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: PE.pdb source: vjYcExA6ou.exe, 00000000.00000002.2014897676.0000000003281000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014839130.0000000003250000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00409FC0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_00409FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00401443 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_00401443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040E016 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_0040E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040C039 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_0040C039
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_004164C7 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,	5_2_004164C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040BC98 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	5_2_0040BC98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00416D7D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	5_2_00416D7D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040D690 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	5_2_0040D690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040C6B5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	5_2_0040C6B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_004177D3 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_004177D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0041738D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	5_2_0041738D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_004169EC GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,

5_2_004169EC

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h

0_2_05D1D4D0

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199707802586
Source: Malware configuration extractor	URLs: https://t.me/g067n

Yara detected Generic Downloader

Source: Yara match	File source: vjYcExA6ou.exe, type: SAMPLE
Source: Yara match	File source: 0.0.vjYcExA6ou.exe.930000.0.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.5:49707 -> 195.201.251.214:9000

Source: global traffic

TCP traffic: 192.168.2.5:62239 -> 162.159.36.2:53

Source: global traffic

HTTP traffic detected: GET /g067n HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 195.201.251.214 195.201.251.214
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99

Source: Joe Sandbox View

ASN Name: TELEGRAMRU TELEGRAMRU

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.251.214

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_004058C4 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlenA,lstrlenA,GetProcessHeap,HeapAlloc,lstrlenA,memcpy,lstrlenA,lstrlenA,memcpy,lstrlenA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

5_2_004058C4

Source: global traffic

HTTP traffic detected: GET /g067n HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: 56.126.166.20.in-addr.arpa

Source: vjYcExA6ou.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: vjYcExA6ou.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: vjYcExA6ou.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: vjYcExA6ou.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: vjYcExA6ou.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: vjYcExA6ou.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: vjYcExA6ou.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: vjYcExA6ou.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: vjYcExA6ou.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: vjYcExA6ou.exe	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: vjYcExA6ou.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: vjYcExA6ou.exe	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.5.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: vjYcExA6ou.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: vjYcExA6ou.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: vjYcExA6ou.exe	String found in binary or memory: http://ocsp.digicert.com0N
Source: vjYcExA6ou.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: vjYcExA6ou.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: MSBuild.exe, 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.5.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214/
Source: MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214/i
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D59000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252361235.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/
Source: MSBuild.exe, 00000005.00000002.3252210908.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/%
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/Microsoft
Source: MSBuild.exe, 00000005.00000002.3252210908.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/Q
Source: MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/f
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/freebl3.dll
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/freebl3.dlldge
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/mozglue.dll
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/mozglue.dll))%
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/mozglue.dlldge
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dll
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dll%)
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dll1)
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dll15;
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dllge
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252361235.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/nss3.dll
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/nss3.dll2h
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/nss3.dllt
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/softokn3.dll
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/softokn3.dllge
Source: MSBuild.exe, 00000005.00000002.3251961144.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/sqlt.dll
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/vcruntime140.dll
Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/vcruntime140.dll$
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/vcruntime140.dllser
Source: MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/y
Source: MSBuild.exe, 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000f54txtft
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000ng
Source: MSBuild.exe, 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000ontent-Disposition:
Source: HDAAAA.5.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: HDAAAA.5.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: HDAAAA.5.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: HDAAAA.5.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: HDAAAA.5.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: HDAAAA.5.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: HDAAAA.5.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: vjYcExA6ou.exe	String found in binary or memory: https://github.com/mullvad/mullvadvpn-app#readme0
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-15916
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-159168
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-18203
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-18203.
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-20454
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-20454G
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-20455
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-20455N
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-21228
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-7046
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-7046Q
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.adguard.com/browse/AG-7791
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.int.agrd.dev/browse/AG-32263
Source: vjYcExA6ou.exe	String found in binary or memory: https://jira.int.agrd.dev/browse/AG-32263-
Source: vjYcExA6ou.exe, 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586
Source: vjYcExA6ou.exe, 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll
Source: MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: vjYcExA6ou.exe, 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252210908.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067n
Source: MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067ni
Source: vjYcExA6ou.exe, 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067nry1neMozilla/5.0
Source: MSBuild.exe, 00000005.00000002.3252210908.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: vjYcExA6ou.exe	String found in binary or memory: https://www.digicert.com/CPS0
Source: HDAAAA.5.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: HDAAAA.5.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49706 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_00413160 memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

5_2_00413160

Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_013DA108	0_2_013DA108
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_013DB558	0_2_013DB558
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_013DE7C0	0_2_013DE7C0
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_013D31A8	0_2_013D31A8
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_013D3198	0_2_013D3198
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_013D3558	0_2_013D3558
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_013D3548	0_2_013D3548
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05797538	0_2_05797538
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05794458	0_2_05794458
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05798730	0_2_05798730
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05792106	0_2_05792106
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_057981A8	0_2_057981A8
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_0579A3A0	0_2_0579A3A0
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05799A80	0_2_05799A80
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05797528	0_2_05797528
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05794448	0_2_05794448
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05792C38	0_2_05792C38
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_057994D8	0_2_057994D8
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_057994C9	0_2_057994C9
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05798720	0_2_05798720
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_0579A148	0_2_0579A148
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_0579A13A	0_2_0579A13A
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05798198	0_2_05798198
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_0579A390	0_2_0579A390
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05799A70	0_2_05799A70
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05798A98	0_2_05798A98
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05798A88	0_2_05798A88
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05D11B10	0_2_05D11B10
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05D13036	0_2_05D13036
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Code function: 0_2_05D13201	0_2_05D13201
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0041ECEC	5_2_0041ECEC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0041E919	5_2_0041E919
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0041EEC1	5_2_0041EEC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0041F6CF	5_2_0041F6CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FE4CF0	5_2_21FE4CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD209F	5_2_21FD209F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2205A0B0	5_2_2205A0B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FFA560	5_2_21FFA560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD47AF	5_2_21FD47AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FE66C0	5_2_21FE66C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220CA590	5_2_220CA590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2210E800	5_2_2210E800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD3E3B	5_2_21FD3E3B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD481D	5_2_21FD481D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220EA900	5_2_220EA900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220CA940	5_2_220CA940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FDEA80	5_2_21FDEA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FDAA40	5_2_21FDAA40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220B69C0	5_2_220B69C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22016E80	5_2_22016E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_221AAEBE	5_2_221AAEBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22032EE0	5_2_22032EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD19DD	5_2_21FD19DD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FDF160	5_2_21FDF160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22003370	5_2_22003370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD174E	5_2_21FD174E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22007810	5_2_22007810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FFBAB0	5_2_21FFBAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD251D	5_2_21FD251D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD290A	5_2_21FD290A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD3AB2	5_2_21FD3AB2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220F8030	5_2_220F8030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22050090	5_2_22050090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22058120	5_2_22058120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22034760	5_2_22034760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22068760	5_2_22068760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22110480	5_2_22110480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FF8763	5_2_21FF8763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FF8680	5_2_21FF8680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220D4A60	5_2_220D4A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FDC800	5_2_21FDC800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD1EF1	5_2_21FD1EF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2200CE10	5_2_2200CE10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FF8D2A	5_2_21FF8D2A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_221AD209	5_2_221AD209
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD3580	5_2_21FD3580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220653B0	5_2_220653B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FE9000	5_2_21FE9000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220F5040	5_2_220F5040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22079690	5_2_22079690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2208D6D0	5_2_2208D6D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FDD4C0	5_2_21FDD4C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22139430	5_2_22139430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220F9A20	5_2_220F9A20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD2018	5_2_21FD2018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD1C9E	5_2_21FD1C9E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22085940	5_2_22085940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD2AA9	5_2_21FD2AA9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD12A8	5_2_21FD12A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22001C50	5_2_22001C50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD292D	5_2_21FD292D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22139CC0	5_2_22139CC0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 221B06B1 appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 21FD395E appears 81 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 21FD1F5A appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 21FD3AF3 appears 37 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 00404239 appears 287 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 21FD1C2B appears 47 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 21FD415B appears 173 times

Source: vjYcExA6ou.exe

Static PE information: invalid certificate

Source: vjYcExA6ou.exe, 00000000.00000002.2013998745.00000000013EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs vjYcExA6ou.exe
Source: vjYcExA6ou.exe, 00000000.00000002.2014897676.000000000334B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclrjit.dllT vs vjYcExA6ou.exe
Source: vjYcExA6ou.exe, 00000000.00000002.2014897676.000000000334B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs vjYcExA6ou.exe
Source: vjYcExA6ou.exe, 00000000.00000002.2014897676.000000000334B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $]q,\\StringFileInfo\\040904B0\\OriginalFilename vs vjYcExA6ou.exe
Source: vjYcExA6ou.exe, 00000000.00000002.2014897676.0000000003281000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePE.dll& vs vjYcExA6ou.exe
Source: vjYcExA6ou.exe, 00000000.00000002.2017275765.0000000005A00000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameIeEPZ.dll0 vs vjYcExA6ou.exe
Source: vjYcExA6ou.exe, 00000000.00000002.2014839130.0000000003250000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamePE.dll& vs vjYcExA6ou.exe
Source: vjYcExA6ou.exe	Binary or memory string: OriginalFilenamekernelsoft.exe$ vs vjYcExA6ou.exe

Source: vjYcExA6ou.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 0.2.vjYcExA6ou.exe.3250000.0.raw.unpack, fDX9tehJ5EFemhKZwc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.vjYcExA6ou.exe.3250000.0.raw.unpack, fDX9tehJ5EFemhKZwc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.vjYcExA6ou.exe.32c9f80.1.raw.unpack, fDX9tehJ5EFemhKZwc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.vjYcExA6ou.exe.32c9f80.1.raw.unpack, fDX9tehJ5EFemhKZwc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.vjYcExA6ou.exe.5a00000.12.raw.unpack, FJWhwL.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@9/11@2/2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_0041246A CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

5_2_0041246A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_004129BF CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,

5_2_004129BF

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vjYcExA6ou.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Mutant created: NULL

Source: vjYcExA6ou.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: vjYcExA6ou.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: MSBuild.exe, MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: MSBuild.exe, MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: FIJECA.5.dr, AFHDAK.5.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: MSBuild.exe, MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: vjYcExA6ou.exe	ReversingLabs: Detection: 18%
Source: vjYcExA6ou.exe	Virustotal: Detection: 20%

Source: vjYcExA6ou.exe	String found in binary or memory: /stopService
Source: vjYcExA6ou.exe	String found in binary or memory: /stopService
Source: vjYcExA6ou.exe	String found in binary or memory: /reinstall
Source: vjYcExA6ou.exe	String found in binary or memory: in-addr.arpa

Source: unknown	Process created: C:\Users\user\Desktop\vjYcExA6ou.exe "C:\Users\user\Desktop\vjYcExA6ou.exe"
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntmarta.dll	Jump to behavior

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: vjYcExA6ou.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: vjYcExA6ou.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: vjYcExA6ou.exe

Static file information: File size 4585688 > 1048576

Source: vjYcExA6ou.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x43f800

Source: vjYcExA6ou.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: vjYcExA6ou.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: kernelsoft.pdb source: vjYcExA6ou.exe
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\IeEPZ.pdb source: vjYcExA6ou.exe, 00000000.00000002.2017275765.0000000005A00000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: PE.pdbH] source: vjYcExA6ou.exe, 00000000.00000002.2014897676.0000000003281000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014839130.0000000003250000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: PE.pdb source: vjYcExA6ou.exe, 00000000.00000002.2014897676.0000000003281000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014839130.0000000003250000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.5.dr

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.vjYcExA6ou.exe.3250000.0.raw.unpack, fDX9tehJ5EFemhKZwc.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.vjYcExA6ou.exe.32c9f80.1.raw.unpack, fDX9tehJ5EFemhKZwc.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_0041B050 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

5_2_0041B050

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00421EF5 push ecx; ret	5_2_00421F08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD10C8 push ecx; ret	5_2_221D3552
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD1BF9 push ecx; ret	5_2_22174C03

Source: 0.2.vjYcExA6ou.exe.3250000.0.raw.unpack, fDX9tehJ5EFemhKZwc.cs	High entropy of concatenated method names: 'ce4DmfsmSrOT856tDgfrkMb', 'NvQOxwsIFR', 'QsUuklFoHUiQD', 'MCRoDX9te', 'l5EbFemhK', 'uwcnnhQXJ', 'J3PigtLyh', 'PwdNpFGeB', 'XCj67ZIOy', 'w09DYCs5D'
Source: 0.2.vjYcExA6ou.exe.3250000.0.raw.unpack, zcrmeG4DKc05Qj8A7l.cs	High entropy of concatenated method names: 'Ys7O1WDVbX', 'EIxO3RK2jf', 'ov3OzJmFFU', 'KJS0ILfinW', 'Gtt0O5H9rf', 'Gvj00KAYqN', 'hUG0r1tocH', 'PBb0lrpBsM', 'pGy05VOh0y', 'j3M0RfBB5l'
Source: 0.2.vjYcExA6ou.exe.32c9f80.1.raw.unpack, fDX9tehJ5EFemhKZwc.cs	High entropy of concatenated method names: 'ce4DmfsmSrOT856tDgfrkMb', 'NvQOxwsIFR', 'QsUuklFoHUiQD', 'MCRoDX9te', 'l5EbFemhK', 'uwcnnhQXJ', 'J3PigtLyh', 'PwdNpFGeB', 'XCj67ZIOy', 'w09DYCs5D'
Source: 0.2.vjYcExA6ou.exe.32c9f80.1.raw.unpack, zcrmeG4DKc05Qj8A7l.cs	High entropy of concatenated method names: 'Ys7O1WDVbX', 'EIxO3RK2jf', 'ov3OzJmFFU', 'KJS0ILfinW', 'Gtt0O5H9rf', 'Gvj00KAYqN', 'hUG0r1tocH', 'PBb0lrpBsM', 'pGy05VOh0y', 'j3M0RfBB5l'

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sqlt[1].dll

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

5_2_0041B050

Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: vjYcExA6ou.exe PID: 5504, type: MEMORYSTR

Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory allocated: 13D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory allocated: 3280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory allocated: 1670000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sqlt[1].dll

Jump to dropped file

Source: C:\Users\user\Desktop\vjYcExA6ou.exe TID: 2436

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00409FC0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_00409FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00401443 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_00401443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040E016 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_0040E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040C039 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_0040C039
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_004164C7 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,	5_2_004164C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040BC98 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	5_2_0040BC98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00416D7D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	5_2_00416D7D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040D690 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	5_2_0040D690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0040C6B5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	5_2_0040C6B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_004177D3 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	5_2_004177D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0041738D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	5_2_0041738D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_004169EC GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,

5_2_004169EC

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_00411F21 GetSystemInfo,wsprintfA,

5_2_00411F21

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: EHDGCG.5.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: EHDGCG.5.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: EHDGCG.5.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: EHDGCG.5.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: EHDGCG.5.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: EHDGCG.5.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: MSBuild.exe, 00000005.00000002.3251961144.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3251961144.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: EHDGCG.5.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: EHDGCG.5.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: EHDGCG.5.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: EHDGCG.5.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: EHDGCG.5.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: EHDGCG.5.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: EHDGCG.5.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: EHDGCG.5.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: EHDGCG.5.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: EHDGCG.5.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: EHDGCG.5.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: EHDGCG.5.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: EHDGCG.5.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: EHDGCG.5.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: EHDGCG.5.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: EHDGCG.5.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: EHDGCG.5.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: EHDGCG.5.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: EHDGCG.5.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: EHDGCG.5.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: EHDGCG.5.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: MSBuild.exe, 00000005.00000002.3251961144.0000000000C68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: EHDGCG.5.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: EHDGCG.5.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: EHDGCG.5.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: EHDGCG.5.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

API call chain: ExitProcess graph end node

graph_5-91111

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_00421C0B memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_00421C0B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

5_2_0041B050

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_0041ACF3 mov eax, dword ptr fs:[00000030h]

5_2_0041ACF3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

5_2_004058C4

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00421C0B memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00421C0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_00423DCD SetUnhandledExceptionFilter,	5_2_00423DCD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_0042224F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_0042224F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD42AF SetUnhandledExceptionFilter,	5_2_21FD42AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FD2C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_21FD2C8E

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: vjYcExA6ou.exe PID: 5504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 3396, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_00410A14 memset,memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,

5_2_00410A14

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Jump to behavior

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_004138BA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification,		5_2_004138BA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_004137BD CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,		5_2_004137BD

Writes to foreign memory regions

Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 425000	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 42E000	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 643000	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 984008	Jump to behavior

Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_00401000 cpuid

5_2_00401000

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	5_2_00411D31
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	5_2_21FD298C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: EnumSystemLocalesW,	5_2_221AFF17
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoW,	5_2_21FD2112
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoW,	5_2_21FD2112

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Queries volume information: C:\Users\user\Desktop\vjYcExA6ou.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\vjYcExA6ou.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_00411C63 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,

5_2_00411C63

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_00411BEC GetProcessHeap,HeapAlloc,GetUserNameA,

5_2_00411BEC

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 5_2_00411CBF GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

5_2_00411CBF

Source: C:\Users\user\Desktop\vjYcExA6ou.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: MSBuild.exe, 00000005.00000002.3252361235.0000000000D24000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected PureLog Stealer

Source: Yara match	File source: vjYcExA6ou.exe, type: SAMPLE
Source: Yara match	File source: 0.0.vjYcExA6ou.exe.930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2007705675.0000000000932000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 5.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.4382790.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.441d610.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.43e9be0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.441d610.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.43e9be0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.434ed60.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.434ed60.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vjYcExA6ou.exe PID: 5504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 3396, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Source: Yara match

File source: Process Memory Space: MSBuild.exe PID: 3396, type: MEMORYSTR

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: vjYcExA6ou.exe, type: SAMPLE
Source: Yara match	File source: 0.0.vjYcExA6ou.exe.930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2007705675.0000000000932000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 5.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.4382790.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.441d610.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.43e9be0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.4382790.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.441d610.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.43e9be0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.434ed60.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vjYcExA6ou.exe.434ed60.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vjYcExA6ou.exe PID: 5504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 3396, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2203E200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	5_2_2203E200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2203E090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	5_2_2203E090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2204E170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	5_2_2204E170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2204A6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,	5_2_2204A6F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FE66C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	5_2_21FE66C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2202EF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,	5_2_2202EF30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22093770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	5_2_22093770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220B37E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	5_2_220B37E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FFB400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64,	5_2_21FFB400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22007810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	5_2_22007810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22048200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,	5_2_22048200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220B4140 sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_initialize,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	5_2_220B4140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220206E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	5_2_220206E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22008430 sqlite3_bind_int64,	5_2_22008430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22028550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,	5_2_22028550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FF8680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64,	5_2_21FF8680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FE4820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize,	5_2_21FE4820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22008970 sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	5_2_22008970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22000FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	5_2_22000FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22008CB0 sqlite3_bind_zeroblob,	5_2_22008CB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220B4D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	5_2_220B4D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2208D3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	5_2_2208D3B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22069090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf,	5_2_22069090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220751D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	5_2_220751D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220AD610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	5_2_220AD610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220F14D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	5_2_220F14D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220FD4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log,	5_2_220FD4F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220755B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	5_2_220755B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2204DB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	5_2_2204DB10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22075910 sqlite3_mprintf,sqlite3_bind_int64,	5_2_22075910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_220FD9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	5_2_220FD9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_21FE5C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	5_2_21FE5C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_2204DFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset,	5_2_2204DFC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 5_2_22051FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	5_2_22051FE0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	511 Process Injection	11 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	44 System Information Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	41 Security Software Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	31 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Virtualization/Sandbox Evasion	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	511 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
vjYcExA6ou.exe	18%	ReversingLabs
vjYcExA6ou.exe	21%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sqlt[1].dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
t.me	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
56.126.166.20.in-addr.arpa	3%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-20455N	0%	Avira URL Cloud	safe
https://t.me/	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
https://t.me/	0%	Virustotal		Browse
https://195.201.251.214:9000/vcruntime140.dllser	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
https://195.201.251.214:9000/mozglue.dll	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/y	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/mozglue.dll	0%	Virustotal		Browse
https://195.201.251.214:9000/nss3.dll	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-7046	0%	Avira URL Cloud	safe
https://jira.int.agrd.dev/browse/AG-32263-	0%	Avira URL Cloud	safe
https://web.telegram.org	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-7046	0%	Virustotal		Browse
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/nss3.dll	0%	Virustotal		Browse
https://195.201.251.214:9000/msvcp140.dllge	0%	Avira URL Cloud	safe
https://jira.int.agrd.dev/browse/AG-32263-	1%	Virustotal		Browse
https://195.201.251.214:9000/y	0%	Virustotal		Browse
https://web.telegram.org	0%	Virustotal		Browse
https://jira.adguard.com/browse/AG-21228	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-20455N	0%	Virustotal		Browse
https://195.201.251.214:9000/	0%	Virustotal		Browse
https://jira.adguard.com/browse/AG-7046Q	0%	Avira URL Cloud	safe
https://jira.int.agrd.dev/browse/AG-32263	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/msvcp140.dll15;	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/mozglue.dll))%	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-20455	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-7046Q	0%	Virustotal		Browse
https://jira.adguard.com/browse/AG-20454	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-21228	0%	Virustotal		Browse
https://jira.int.agrd.dev/browse/AG-32263	1%	Virustotal		Browse
https://jira.adguard.com/browse/AG-15916	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/freebl3.dlldge	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-20454	0%	Virustotal		Browse
https://jira.adguard.com/browse/AG-20455	0%	Virustotal		Browse
https://github.com/mullvad/mullvadvpn-app#readme0	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/%	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	0%	Virustotal		Browse
https://195.201.251.214:9000/freebl3.dll	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-15916	0%	Virustotal		Browse
https://195.201.251.214:9000ng	0%	Avira URL Cloud	safe
https://t.me/g067ni	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/softokn3.dll	0%	Avira URL Cloud	safe
https://t.me/g067nry1neMozilla/5.0	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/freebl3.dll	0%	Virustotal		Browse
http://www.sqlite.org/copyright.html.	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/%	3%	Virustotal		Browse
https://github.com/mullvad/mullvadvpn-app#readme0	0%	Virustotal		Browse
https://195.201.251.214:9000/vcruntime140.dll$	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/Microsoft	0%	Avira URL Cloud	safe
https://t.me/g067ni	0%	Virustotal		Browse
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/msvcp140.dll	0%	Avira URL Cloud	safe
https://195.201.251.214/i	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/msvcp140.dll%)	0%	Avira URL Cloud	safe
http://www.sqlite.org/copyright.html.	0%	Virustotal		Browse
https://jira.adguard.com/browse/AG-18203.	0%	Avira URL Cloud	safe
https://t.me/g067nry1neMozilla/5.0	0%	Virustotal		Browse
https://195.201.251.214:9000/softokn3.dllge	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/mozglue.dlldge	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/softokn3.dll	0%	Virustotal		Browse
https://jira.adguard.com/browse/AG-159168	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/msvcp140.dll1)	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-20454G	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/nss3.dllt	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/vcruntime140.dll	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199707802586	100%	Avira URL Cloud	malware
https://195.201.251.214:9000/f	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-7791	0%	Avira URL Cloud	safe
https://t.me/g067n	100%	Avira URL Cloud	malware
https://195.201.251.214:9000/nss3.dll2h	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-18203	0%	Avira URL Cloud	safe
https://195.201.251.214:9000f54txtft	0%	Avira URL Cloud	safe
https://195.201.251.214/	0%	Avira URL Cloud	safe
https://195.201.251.214:9000	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/sqlt.dll	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
https://195.201.251.214:9000ontent-Disposition:	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/Q	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
t.me	149.154.167.99	true	true	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
56.126.166.20.in-addr.arpa	unknown	unknown	false	3%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/profiles/76561199707802586	true	Avira URL Cloud: malware	unknown
https://t.me/g067n	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	HDAAAA.5.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://t.me/	MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-20455N	vjYcExA6ou.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	HDAAAA.5.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/vcruntime140.dllser	MSBuild.exe, 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/mozglue.dll	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/nss3.dll	MSBuild.exe, 00000005.00000002.3252361235.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252361235.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/y	MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-7046	vjYcExA6ou.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://jira.int.agrd.dev/browse/AG-32263-	vjYcExA6ou.exe	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://web.telegram.org	MSBuild.exe, 00000005.00000002.3252210908.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	vjYcExA6ou.exe, 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/	MSBuild.exe, 00000005.00000002.3252361235.0000000000D59000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252361235.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/msvcp140.dllge	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	HDAAAA.5.dr	false	URL Reputation: safe	unknown
https://jira.adguard.com/browse/AG-21228	vjYcExA6ou.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-7046Q	vjYcExA6ou.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://jira.int.agrd.dev/browse/AG-32263	vjYcExA6ou.exe	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/msvcp140.dll15;	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/mozglue.dll))%	MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-20455	vjYcExA6ou.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-20454	vjYcExA6ou.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-15916	vjYcExA6ou.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/freebl3.dlldge	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mullvad/mullvadvpn-app#readme0	vjYcExA6ou.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/%	MSBuild.exe, 00000005.00000002.3252210908.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp	false	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	HDAAAA.5.dr	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/freebl3.dll	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000ng	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/softokn3.dll	MSBuild.exe, 00000005.00000002.3252361235.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://t.me/g067ni	MSBuild.exe, 00000005.00000002.3251961144.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://t.me/g067nry1neMozilla/5.0	vjYcExA6ou.exe, 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, vjYcExA6ou.exe, 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	MSBuild.exe, 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3257687404.000000001C27A000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.5.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/vcruntime140.dll$	MSBuild.exe, 00000005.00000002.3252361235.0000000000D79000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/Microsoft	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	HDAAAA.5.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/msvcp140.dll	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214/i	MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/msvcp140.dll%)	MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-18203.	vjYcExA6ou.exe	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/softokn3.dllge	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/mozglue.dlldge	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	HDAAAA.5.dr	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-159168	vjYcExA6ou.exe	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/msvcp140.dll1)	MSBuild.exe, 00000005.00000002.3252361235.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	HDAAAA.5.dr	false	URL Reputation: safe	unknown
https://jira.adguard.com/browse/AG-20454G	vjYcExA6ou.exe	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/nss3.dllt	MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/vcruntime140.dll	MSBuild.exe, 00000005.00000002.3252361235.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	HDAAAA.5.dr	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/f	MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-7791	vjYcExA6ou.exe	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/nss3.dll2h	MSBuild.exe, 00000005.00000002.3252361235.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-18203	vjYcExA6ou.exe	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000f54txtft	MSBuild.exe, 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214/	MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000	MSBuild.exe, 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	HDAAAA.5.dr	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/sqlt.dll	MSBuild.exe, 00000005.00000002.3251961144.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3252291874.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000ontent-Disposition:	MSBuild.exe, 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/Q	MSBuild.exe, 00000005.00000002.3252210908.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
195.201.251.214	unknown	Germany		24940	HETZNER-ASDE	false
149.154.167.99	t.me	United Kingdom		62041	TELEGRAMRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1464859
Start date and time:	2024-06-30 16:32:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	vjYcExA6ou.exe renamed because original name is a hash value
Original Sample Name:	c5f20b0cb835adff91c281ba3e9995e3.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@9/11@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 94% Number of executed functions: 114 Number of non-executed functions: 182
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.19.126.163, 2.19.126.137, 13.85.23.86, 192.229.221.95, 20.3.187.198, 13.85.23.206, 20.166.126.56, 20.12.23.50, 40.127.169.103
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:33:06	API Interceptor	1x Sleep call for process: MSBuild.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
195.201.251.214	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	5IRIk4f1PO.exe	Get hash	malicious	CryptOne, Vidar	Browse
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse
149.154.167.99	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	KeyboardRGB.exe	Get hash	malicious	Unknown	Browse	t.me/cinoshibot
	file.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	149.154.167.99
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	5IRIk4f1PO.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	149.154.167.99
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	149.154.167.99
	project.exe	Get hash	malicious	RedLine	Browse	149.154.167.99
	WR0fuHnEVW.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	BRWgvKaqbg.exe	Get hash	malicious	PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	149.154.167.99
	Resolucion Juridica Bloqueo Cuentas y servicios SRI.vbs.xz	Get hash	malicious	Unknown	Browse	104.21.51.236
fp2e7a.wpc.phicdn.net	https://bit.ly/3RPGSFw?lBj=IgAqyyGiOF?ehd=cNhnM3Ug7I	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://fhdqc8.fi59.fdske.com/ec/gAAAAABmfF3sPeQKBD_Act5bCCrkUMkGrd87GXE85ptSvU0h8H9S97li_YZ1W2sNi71P90U8x627NEH6e-kCa62tjlvXVsamrSGp1TAMFtfgRydM8D-QFp4rxbgAeEilnkMUdRVDSB2T_2Qfh0hQuA2S3kIGAGxxOhLGRZlimak4HvWAhPpr3cGXO1dkFMRkycppPQIWKMCxf7zn-Sf2FKVlkV3bIiKpv65JecmpKmv7K1YnibkbTtyYKjzM0RBpe8SGtfO5gpSHLvPTYqZjsrGpeXbXcWmlaR9PZhWomJ586b1OeF7psyrkOXu7PHMFbYVK6t7rkfnsF9FVAXEF_z9qYdd6yq7sZRqhCkgEwDqZaPg8lBDqiVI04is9Ux1ckCdi1zoggbpZr_i4tJ1iUVNzVnpUh4z0GQ==	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	https://carsales.au1.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAAfnb-qPSyZecO9B5ZfywmNLbpLvp031ot7ln8fPgu7eWwZ19_ZPQHTOqDMGxjirJcrmCsSaiIDmPdIRas_zn4z1go8wNiaf6T7KGdMemdAI87j-2cWRTSM8MgKsIEHUt-&	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://track.unir.net/track/click/30530342/descargas.unir.net?p=eyJzIjoidHJHZnNhZE5kUkNYekRPckgyR3o3alV1Tkk0IiwidiI6MSwicCI6IntcInVcIjozMDUzMDM0MixcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvZGVzY2FyZ2FzLnVuaXIubmV0XFxcL2VzY3VlbGFkZWluZ2VuaWVyaWFcXFwvMDUlMjBTZWd1cmlkYWRfZGVsX1NvZnR3YXJlXFxcLzI3NzNlM2RjNTk0NzIyOTZjYjAwMjRiYTc3MTVhNjRlLnppcFwiLFwiaWRcIjpcIjY4YWI2MWQ5NDYzNTQwNmZhNzNlNzA5ODQ4YWU3NGI3XCIsXCJ1cmxfaWRzXCI6W1wiMjY5ZjJjYTk4MmEwODg4OTQ1YmM1MWViYzE0MDZlNmY1NTRmN2MxMlwiXX0ifQ	Get hash	malicious	Jigsaw	Browse	192.229.221.95
	_$phantom-SCV.cmd	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://hamids-worker.hamidyousefi93.workers.dev/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://t4ha7.shop/	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://www.youkonew.anakembok.de/	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	http://purchase-order-workers-playground-weathered-moon-6962.mslee.workers.dev/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://mars.773670658.workers.dev/	Get hash	malicious	Unknown	Browse	192.229.221.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	hatabat.exe	Get hash	malicious	Blank Grabber, DCRat, XWorm	Browse	149.154.167.220
	Evo Resou_nls..scr.exe	Get hash	malicious	AsyncRAT	Browse	149.154.167.220
	Wave.exe	Get hash	malicious	XWorm	Browse	149.154.167.220
	https://telegrambot-resolved.pages.dev/	Get hash	malicious	Unknown	Browse	149.154.167.99
	RFQ 52165 Materiale vario OENAGROUP.pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	149.154.167.220
	New Order Ergun Makina Hirdavat Tic #102718.exe	Get hash	malicious	AgentTesla, PureLog Stealer, zgRAT	Browse	149.154.167.220
	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	149.154.167.99
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	5IRIk4f1PO.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
HETZNER-ASDE	_$phantom-SCV.cmd	Get hash	malicious	Unknown	Browse	144.76.71.93
	Evo Resou_nls..scr.exe	Get hash	malicious	AsyncRAT	Browse	49.12.202.237
	https://he110ca11he1lpn0wwb112.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	https://serviceca11he1pn0waa12.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	HexPloit V1.5.exe	Get hash	malicious	Unknown	Browse	135.181.109.1
	HexPloit V1.5.exe	Get hash	malicious	Unknown	Browse	135.181.109.1
	38iGnQnL33.exe	Get hash	malicious	BlackMoon, DoublePulsar, ETERNALBLUE, GhostRat	Browse	144.76.194.78
	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	195.201.251.214
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse	195.201.251.214
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse	195.201.251.214

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	factura546532.msi_factura546532.msi_78870.msi	Get hash	malicious	Unknown	Browse	149.154.167.99
	FIX_0x80070643_(Need_reboot).reg	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.10794.31741.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.12395.16994.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.10794.31741.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.12395.16994.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Adware.Downware.20552.29919.24444.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.2909.11487.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.15675.13139.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Adware.Downware.20552.29919.24444.exe	Get hash	malicious	Unknown	Browse	149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sqlt[1].dll	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	5IRIk4f1PO.exe	Get hash	malicious	CryptOne, Vidar	Browse
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse
	WR0fuHnEVW.exe	Get hash	malicious	Vidar	Browse
	BRWgvKaqbg.exe	Get hash	malicious	PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse
	vidar2406.exe	Get hash	malicious	Vidar	Browse
	RW3MLiFPzL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse

Created / dropped Files

C:\ProgramData\JKECFCFBGDHI\AFHDAK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKECFCFBGDHI\DHCAEC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKECFCFBGDHI\EHDGCG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	modified
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKECFCFBGDHI\EHJDGC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKECFCFBGDHI\FIJECA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKECFCFBGDHI\HDAAAA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKECFCFBGDHI\IDHIDB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.1295899906525912
Encrypted:	false
SSDEEP:	6:kKxJa9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:X1DnLNkPlE99SNxAhUe/3
MD5:	733B815E400105E9EE32337FB16A7199
SHA1:	6A23482AF7D61D915DE6804B9ED645A684759289
SHA-256:	43D4DBFC25DCC83235DEE5126A1A90ED72C901CCA9E93EAEE7B475262C840667
SHA-512:	FC8DD33851EFF2FE501AE13CDD566D25AEC0BBED3F8E63500A5FB9E9B91C026CD468C4EBF468A5C1B802088EB1923A7C76B7DA0123F6B7044A755610A6477F3A
Malicious:	false
Preview:	p...... ..........h....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vjYcExA6ou.exe.log

Download File

Process:	C:\Users\user\Desktop\vjYcExA6ou.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	730
Entropy (8bit):	5.3458694453090025
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9fDLI4MNZcgB2MOqDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qrE4/A1E4KlKDE4KhKiKhk
MD5:	8DF93B6D82E7E7831679EC413BE8E6CA
SHA1:	307D59A9CA99E97E44631997464F841734B70D5B
SHA-256:	9CEDB9C553E6E933122596FB84C3F205AD74D6D181FCE72A63F2CBB8ABE6A2F5
SHA-512:	4CA80EA5590D08A0B33156DD9536EDD859DDB73D91C36FCAEBF91791444C484657BA487BF6524B120EAA55E39DBD53AC4B99B96C433002763F6DC9DDF5EDEE30
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime\32bcd6ad56338e82b2e9ecba5600bdb4\System.Runtime.ni.dll",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sqlt[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 2E7ZdlxkOL.exe, Detection: malicious, Browse Filename: S8co1ACRdn.exe, Detection: malicious, Browse Filename: M9dfZzH3qn.exe, Detection: malicious, Browse Filename: 5IRIk4f1PO.exe, Detection: malicious, Browse Filename: 1719520929.094843_setup.exe, Detection: malicious, Browse Filename: 1Cvd8TyYPm.exe, Detection: malicious, Browse Filename: WR0fuHnEVW.exe, Detection: malicious, Browse Filename: BRWgvKaqbg.exe, Detection: malicious, Browse Filename: vidar2406.exe, Detection: malicious, Browse Filename: RW3MLiFPzL.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.241482202223148
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	vjYcExA6ou.exe
File size:	4'585'688 bytes
MD5:	c5f20b0cb835adff91c281ba3e9995e3
SHA1:	b7edfc4fb9befe9acf241e423741e27d68dfd832
SHA256:	416b40630daa924136b9d10e0faa8c800a7a882416f4e5b7944f9bc2553a414b
SHA512:	233587e39de30cfa0a9526fb041f9c9c70a1e7574e8bd8d934f7b795f3eff2a8aa8e98f20a7fcb06f00c85c233461d56bbabb4bba39c1ac4869839e3f0022678
SSDEEP:	49152:e+PcYB/o36ki63Hw4/uzcdl3ne2xAOVmmgZV099snm9pswB0Nq7:tPcYB/y6ki6PnuwT06sajB0Nq7
TLSH:	09269D9AB5E1CF66C30F2537C2E5A8480363DAD55353E30FBEA4260A1D467DE0E5ACD8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..................C...........D.. ... D...@.. ....................... F...........@................................

File Icon


Icon Hash:	c3d3d3cc1233586b

Static PE Info

General

Entrypoint:	0x84161e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x667FBAD4 [Sat Jun 29 07:42:12 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	21/04/2021 02:00:00 26/04/2024 01:59:59
Subject Chain	E=app@mullvad.net, CN=Mullvad VPN AB, OU=App, O=Mullvad VPN AB, L=G\xf6teborg, C=SE
Version:	3
Thumbprint MD5:	F69B32EAED37B1B18DB85D1A26EA1E27
Thumbprint SHA-1:	628787B4D78415D28418171B7FE53BAA333B92AD
Thumbprint SHA-256:	1D18B53318E748C836C9C4E13EE8AAAD826EEEAB393144A890A9AF062797AFDE
Serial:	0CBF470C61F3C3CC0B53FCE724C15E82

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4415d0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x442000	0x1d594	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x45d200	0x26d8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x460000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x441583	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x43f624	0x43f800	f134e5827360eb8677c2399ed143a5e8	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x442000	0x1d594	0x1d600	ea8b12cdc4bbf6e8608fd8c5bc39c91d	False	0.42196642287234043	data	5.952886977734105	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x460000	0xc	0x200	abf2e3cc6a2ec0e192e63cfdcffbe57f	False	0.044921875	MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "D"	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x4421c0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m	0.4446529080675422
RT_ICON	0x443268	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m	0.2939891355692017
RT_ICON	0x447490	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m	0.19873121968531882
RT_ICON	0x457cb8	0x731f	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9981337586101592
RT_GROUP_ICON	0x45efd8	0x3e	data	0.8387096774193549
RT_VERSION	0x45f018	0x390	data	0.43201754385964913
RT_MANIFEST	0x45f3a8	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 30, 2024 16:32:53.073052883 CEST	49674	443	192.168.2.5	23.1.237.91
Jun 30, 2024 16:32:53.073061943 CEST	49675	443	192.168.2.5	23.1.237.91
Jun 30, 2024 16:32:53.198108912 CEST	49673	443	192.168.2.5	23.1.237.91
Jun 30, 2024 16:32:58.970704079 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:58.970798969 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:58.970949888 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:58.975325108 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:58.975378990 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.615884066 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.615983963 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.675499916 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.675523043 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.675790071 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.675945997 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.677755117 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.720535040 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.893866062 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.893891096 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.893919945 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.893959999 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.894006014 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.894009113 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.894025087 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.894032001 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.894049883 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.894077063 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.896461964 CEST	49706	443	192.168.2.5	149.154.167.99
Jun 30, 2024 16:32:59.896486998 CEST	443	49706	149.154.167.99	192.168.2.5
Jun 30, 2024 16:32:59.912657976 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:32:59.917556047 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:32:59.917649984 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:32:59.928520918 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:32:59.933285952 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:00.578811884 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:00.578871965 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:00.578970909 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:00.578972101 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:01.550923109 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:01.555757999 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:01.749627113 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:01.749722004 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:01.750283957 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:01.755145073 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:02.207767010 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:02.207967043 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:02.212516069 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:02.217418909 CEST	9000	49709	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:02.217519999 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:02.217835903 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:02.222640991 CEST	9000	49709	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:02.682327032 CEST	49674	443	192.168.2.5	23.1.237.91
Jun 30, 2024 16:33:02.682332993 CEST	49675	443	192.168.2.5	23.1.237.91
Jun 30, 2024 16:33:02.807305098 CEST	49673	443	192.168.2.5	23.1.237.91
Jun 30, 2024 16:33:02.870517969 CEST	9000	49709	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:02.870706081 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:02.873399973 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:02.875591040 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:02.878290892 CEST	9000	49709	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:02.880433083 CEST	9000	49709	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:03.517332077 CEST	9000	49709	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:03.517456055 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:03.519182920 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:03.519634962 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:03.524395943 CEST	9000	49707	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:03.524518013 CEST	49707	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:03.524540901 CEST	9000	49710	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:03.524609089 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:03.524884939 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:03.529742956 CEST	9000	49710	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:04.179743052 CEST	9000	49710	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:04.179862976 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.180320978 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.182473898 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.185254097 CEST	9000	49710	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:04.187638044 CEST	9000	49710	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:04.478743076 CEST	443	49704	23.1.237.91	192.168.2.5
Jun 30, 2024 16:33:04.478863955 CEST	49704	443	192.168.2.5	23.1.237.91
Jun 30, 2024 16:33:04.813798904 CEST	9000	49710	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:04.813884020 CEST	9000	49710	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:04.813904047 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.813950062 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.815797091 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.816293001 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.821301937 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:04.821398973 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.821518898 CEST	9000	49709	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:04.821588993 CEST	49709	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.821767092 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:04.826543093 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:05.473690033 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:05.473875999 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:05.474257946 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:05.476309061 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:05.479485989 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:05.481439114 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.095904112 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.095987082 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.095985889 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.096025944 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.096039057 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.096060991 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.096072912 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.096098900 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.096113920 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.096151114 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.096152067 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.096201897 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.097805023 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.098201036 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.104639053 CEST	9000	49710	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.104728937 CEST	49710	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.106693983 CEST	9000	49712	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.106780052 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.107059002 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.112663984 CEST	9000	49712	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.761379004 CEST	9000	49712	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.761490107 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.761934042 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.763910055 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:06.766740084 CEST	9000	49712	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:06.768870115 CEST	9000	49712	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:07.400989056 CEST	9000	49712	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:07.401103973 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:07.460830927 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:07.461277008 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:07.467232943 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:07.467336893 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:07.467668056 CEST	9000	49711	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:07.467730999 CEST	49711	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:07.473341942 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:07.478343010 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.123363018 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.123459101 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.123799086 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.125498056 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.125588894 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.128647089 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.130414963 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.130480051 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.130516052 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.130567074 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.130619049 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.130775928 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.130803108 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.130829096 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.464165926 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.464684010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.469604969 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.469695091 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.469871044 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.470278025 CEST	9000	49712	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.470336914 CEST	49712	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:08.475425005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.706486940 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:08.706568003 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.121465921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.121537924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.121963978 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.123806000 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.127057076 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.129806042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.454953909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.455008030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.455046892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.455070972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.455116987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.455413103 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.455480099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.456034899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.456089973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.456094027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.456141949 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.456149101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.456186056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.456204891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.456219912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.456239939 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.456289053 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.456320047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.456353903 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.456373930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.456398010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.459975004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.460035086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.461920977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.461978912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.543374062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.543423891 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.543467999 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.543505907 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.552440882 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.552506924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.552630901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.552680969 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.552683115 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.552771091 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.555882931 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.555938959 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.555955887 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.555984974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.555991888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.556046009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.562855005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.562916994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.562923908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.562958002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.562998056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.563019991 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.569791079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.569849968 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.569896936 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.569928885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.569960117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.569979906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.576555014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.576642036 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.576675892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.576709032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.576730967 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.576759100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.588579893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.588615894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.588656902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.588659048 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.588681936 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.588702917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.594238043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.594273090 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.594305038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.594312906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.594364882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.594364882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.600876093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.600909948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.600935936 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.600950003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.600969076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.600996971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.607413054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.607475042 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.607590914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.607621908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.607647896 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.607660055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.607672930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.607729912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.614303112 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.614351988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.614363909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.614398003 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.632128000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.632162094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.632196903 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.632217884 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.632251024 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.641200066 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.641295910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.641318083 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.641341925 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.650753975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.650789022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.650815010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.650824070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.650832891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.650873899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.653951883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.654031992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.654059887 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.654067993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.654079914 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.654117107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.660811901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.660846949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.660868883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.660882950 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.660891056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.660933971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.668031931 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.668085098 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.668174982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.668207884 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.668225050 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.668246984 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.674256086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.674314976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.674665928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.674716949 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.674870968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.674901009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.674916983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.674942017 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.681230068 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.681260109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.681293964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.681293964 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.681324959 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.681344032 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.681396008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.681454897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.688679934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.688713074 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.688739061 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.688749075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.688785076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.688792944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.696615934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.696674109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.696739912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.696772099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.696794033 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.696818113 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.703500986 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.703569889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.703690052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.703722000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.703739882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.703774929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.707425117 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.707487106 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.707555056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.707586050 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.707603931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.707637072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.712867975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.712924957 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.713016033 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.713068008 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.716665030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.716728926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.716790915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.716823101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.716844082 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.716875076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.721084118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.721117973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.721144915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.721152067 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.721167088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.721199989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.735630035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.735690117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.735691071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.735748053 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.735735893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.735789061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.735806942 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.735829115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.735845089 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.735886097 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.736332893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.736392975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.736394882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.736430883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.736447096 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.736485958 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.740372896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.740433931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.740449905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.740597010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.740628958 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.740658998 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.740686893 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.740717888 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.745273113 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.745335102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.745368004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.745377064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.745412111 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.745412111 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.750510931 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.750607014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.750642061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.750648975 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.750663996 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.750677109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.750689030 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.750729084 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.753683090 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.753720999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.753741980 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.753757000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.753767014 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.753806114 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.756400108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.756459951 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.756468058 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.756522894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.756576061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.756607056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.756630898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.756650925 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.759282112 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.759318113 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.759350061 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.759356976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.759368896 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.759398937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.759408951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.759464025 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.762285948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.762322903 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.762353897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.762356997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.762378931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.762408972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.765347004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.765383959 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.765424013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.765434980 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.765436888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.765466928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.765485048 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.765511990 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.768161058 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.768218040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.768223047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.768258095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.768275023 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.768307924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.771313906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.771349907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.771382093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.771382093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.771405935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.771428108 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.774020910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.774082899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.774085999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.774121046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.774130106 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.774168015 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.777065992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.777124882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.777127028 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.777162075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.777179956 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.777215958 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.780045033 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.780081034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.780113935 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.780129910 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.780152082 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.780174017 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.783216000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.783252954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.783269882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.783288002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.783299923 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.783332109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.785950899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.785989046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.786005974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.786026001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.786045074 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.786067963 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.788744926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.788770914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.788785934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.788806915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.788829088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.792058945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.792074919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.792089939 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.792115927 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.792129993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.795171976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.795187950 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.795203924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.795237064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.795253992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.797995090 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.798012018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.798029900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.798044920 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.798063040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.798082113 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.802206039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.802232027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.802258015 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.802270889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.802293062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.802305937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.805047989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.805094957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.805099010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.805120945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.805140018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.805164099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.808052063 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.808099031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.808105946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.808129072 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.808144093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.808172941 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.809480906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.809530973 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.809534073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.809561968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.809581041 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.809604883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.812879086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.812910080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.812930107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.812937975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.812954903 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.812982082 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.815804958 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.815839052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.815865040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.815865993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.815892935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.815903902 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.818901062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.818954945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.818955898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.818986893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.819000959 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.819025993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.821962118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.822012901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.822016954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.822047949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.822067022 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.822098017 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.824660063 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.824692011 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.824722052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.824732065 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.824755907 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.824770927 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.827227116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.827260971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.827287912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.827291965 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.827306032 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.827336073 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.829833031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.829888105 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.829896927 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.829931021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.829948902 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.829972982 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.832505941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.832561016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.832581997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.832612038 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.832634926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.832657099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.835267067 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.835298061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.835325003 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.835329056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.835347891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.835376024 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.837980032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.838031054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.838036060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.838066101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.838080883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.838114977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.840709925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.840739965 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.840773106 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.840783119 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.840807915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.840814114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.840816021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.840867043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.843195915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.843225956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.843254089 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.843266964 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.843350887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.843379974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.843398094 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.843429089 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.845748901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.845786095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.845807076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.845830917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.845880985 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.845931053 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.848378897 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.848417044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.848438025 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.848453045 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.848464012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.848500013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.850750923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.850805998 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.850821972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.850855112 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.850873947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.850898027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.853527069 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.853562117 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.853579998 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.853595018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.853612900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.853641987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.855647087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.855679989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.855696917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.855715036 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.855722904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.855767012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.857898951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.857949018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.857954025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.858000040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.858000994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.858048916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.858640909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.858674049 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.858695984 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.858706951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.858720064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.858752012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.860598087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.860649109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.860652924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.860701084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.860707045 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.860743046 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.863663912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.863717079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.863719940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.863750935 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.863765001 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.863799095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.864044905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.864095926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.864097118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.864145994 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.864146948 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.864192009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.865884066 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.865916967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.865940094 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.865950108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.865962982 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.865998983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.867999077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.868031979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.868053913 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.868066072 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.868077993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.868112087 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.869621992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.869674921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.869678020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.869708061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.869720936 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.869755030 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.871162891 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.871198893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.871227026 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.871237993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.871248007 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.871289968 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.871289968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.871345997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.872910023 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.872978926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.873044968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.873075008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.873096943 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.873110056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.873123884 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.873162031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.874372005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.874402046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.874423981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.874445915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.874485970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.874516010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.874541044 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.874560118 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.875994921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.876049042 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.876133919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.876166105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.876183033 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.876210928 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.877741098 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.877778053 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.877794027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.877813101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.877824068 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.877860069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.879511118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.879544020 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.879565954 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.879576921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.879590988 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.879623890 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.880692959 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.880722046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.880749941 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.880757093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.880759001 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.880806923 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.880825996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.880881071 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.882297993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.882354021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.882373095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.882405043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.882425070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.882446051 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.883783102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.883843899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.883845091 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.883877993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.883893013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.883923054 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.885473967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.885508060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.885535955 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.885540009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.885555029 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.885582924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.886782885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.886816978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.886848927 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.886848927 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.886877060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.886913061 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.888243914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.888298988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.888313055 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.888331890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.888344049 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.888384104 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.889838934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.889906883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.889986992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.890019894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.890036106 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.890069008 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.891433001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.891469002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.891488075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.891504049 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.891519070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.891551971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.894323111 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.894357920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.894385099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.894391060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.894407988 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.894434929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.894947052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.894994974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.895155907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.895188093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.895204067 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.895236969 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.895566940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.895601988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.895615101 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.895637035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.895647049 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.895705938 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.896752119 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.896809101 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.896876097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.896909952 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.896930933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.896960974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.898768902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.898797035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.898827076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.898838997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.898988008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.899036884 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.899038076 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.899095058 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.901175022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.901232958 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.901338100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.901370049 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.901391029 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.901408911 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.902695894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.902729988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.902755976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.902762890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.902776957 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.902802944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.906115055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.906166077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.906167984 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.906203032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.906210899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.906239033 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.906255007 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.906277895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.906291962 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.906322956 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.911168098 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.911222935 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.911228895 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.911257982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.911274910 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.911298037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.911314964 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.911334991 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.911344051 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.911370039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.911389112 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.911406040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.911417961 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.911453009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.916512012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.916584969 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.916600943 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.916636944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.916641951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.916675091 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.916709900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.916709900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.916733027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.916747093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.916775942 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.916781902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.916791916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.916826010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.924510956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.924573898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.924582958 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.924619913 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.924632072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.924673080 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.924931049 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.924964905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.924988031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.925003052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.925007105 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.925036907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.925049067 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.925071001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.925087929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.925120115 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.932327986 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.932384014 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.932385921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.932437897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.932445049 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.932492971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.932542086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.932575941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.932595015 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.932615042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.932629108 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.932651043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.932672977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.932692051 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.939785957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.939843893 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.939933062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.939965963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.939986944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.940004110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.940011024 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.940040112 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.940058947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.940083027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.940094948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.940129995 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.940146923 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.940165997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.940174103 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.940217972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.946572065 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.946630001 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.946791887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.946908951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.946908951 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.946945906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.946965933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.946979046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.946990967 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.947016001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.947021961 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.947055101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.947069883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.947088003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.947101116 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.947138071 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.949553967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.949605942 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.949613094 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.949641943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.949656010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.949676037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.949696064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.949716091 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.949723005 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.949749947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.949769974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.949784040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.949796915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.949829102 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.954746962 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.954801083 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.954801083 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.954837084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.954854012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.954885960 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.954958916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.954991102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.955014944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.955024004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.955043077 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.955058098 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.955069065 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.955111027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.959896088 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.959947109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.959953070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.959985971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.960000992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.960024118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.960028887 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.960072994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.960078955 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.960130930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.960130930 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.960167885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.960185051 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.960201025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.960215092 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.960261106 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.965068102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.965101004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.965130091 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.965140104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.965151072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.965187073 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.965193987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.965226889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.965243101 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.965262890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.965274096 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.965297937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.965312004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.965344906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.969567060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.969616890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.969625950 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.969654083 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.969671011 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.969687939 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.969702959 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.969728947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.969733953 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.969763041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.969782114 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.969806910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.969825029 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.969852924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.972599030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.972632885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.972657919 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.972680092 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.972686052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.972718954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.972739935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.972754002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.972769022 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.972794056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.972803116 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.972830057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.972845078 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.972881079 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.973381996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.973438978 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.977128983 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.977237940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.977247000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.977298021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.977298975 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.977333069 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.977350950 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.977365971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.977386951 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.977406979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.977411985 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.977442980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.977461100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.977490902 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.983068943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.983122110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.983124018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.983160973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.983172894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.983198881 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.983207941 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.983232021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.983242989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.983283043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.983397007 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.983432055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.983447075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.983481884 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.985410929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.985466003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.985466003 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.985500097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.985517979 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.985548019 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.985600948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.985651970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.985655069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.985690117 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.985704899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.985726118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.985738039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.985758066 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.985773087 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.985807896 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.996448040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.996505976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.996563911 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.996614933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.996618986 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.996651888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.996664047 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.996690989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.996707916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.996725082 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.996737003 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.996759892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.996774912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.996809006 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:09.997085094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:09.997139931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.001764059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.001796007 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.001816988 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.001831055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.001838923 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.001868963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.001883984 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.001918077 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.001924992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.001957893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.001976013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.001991987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.002005100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.002044916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.007288933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.007322073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.007338047 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.007354975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.007361889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.007395029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.007405996 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.007477045 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.007484913 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.007512093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.007529974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.007548094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.007559061 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.007599115 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.013315916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.013351917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.013376951 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.013390064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.013398886 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.013437986 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.013443947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.013483047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.013495922 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.013534069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.013536930 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.013572931 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.013591051 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.013606071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.013624907 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.013657093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.020898104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.020931005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.020957947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.020971060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.021064997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.021100044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.021125078 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.021145105 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.021686077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.021743059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.021743059 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.021780968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.021795034 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.021814108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.021837950 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.021864891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.028331041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.028441906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.028444052 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.028506994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.028553009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.028589010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.028609037 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.028623104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.028637886 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.028656960 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.028669119 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.028696060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.028703928 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.028738976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.035480976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.035538912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.035552025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.035590887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.035610914 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.035626888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.035645008 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.035665035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.035682917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.035701036 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.035712957 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.035737038 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.035753965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.035784006 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.038278103 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.038335085 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.038480043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.038532972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.038532972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.038568974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.038583994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.038602114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.038614035 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.038641930 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.038655996 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.038676977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.038697004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.038724899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.045339108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.045394897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.045455933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.045510054 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.045517921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.045555115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.045568943 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.045591116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.045602083 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.045627117 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.045636892 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.045663118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.045675993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.045715094 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.048826933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.048861027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.048885107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.048899889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.048927069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.048953056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.049204111 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.049238920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.049251080 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.049273014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.049293041 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.049312115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.049326897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.049362898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.053926945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.053961039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.053983927 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.053998947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.053999901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.054049015 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.054070950 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.054125071 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.054229975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.054263115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.054280043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.054297924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.054312944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.054347038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064099073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064153910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064188004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064188957 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064204931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064234018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064289093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064321995 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064342976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064354897 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064364910 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064393997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064407110 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064434052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064445972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064470053 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064493895 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064526081 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064546108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064584970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064596891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064632893 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064735889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064769983 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064788103 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064805031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.064821005 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.064857960 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.066490889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.066550970 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.066617966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.066652060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.066668034 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.066684961 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.066698074 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.066737890 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.067243099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.067296982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.067306995 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.067332029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.067352057 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.067384005 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.072549105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.072643995 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.073126078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.073137999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.073148966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.073158026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.073163986 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.073174953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.073187113 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.073235989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.074353933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.074363947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.074373960 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.074412107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.074429989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.074472904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.074523926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.074531078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.074541092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.074551105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.074580908 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.074599981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.086175919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.086267948 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.086329937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.086378098 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.086389065 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.086436987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.086448908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.086458921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.086498976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.086508989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.086549997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.086699009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.086745977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.086807013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.086853027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.091656923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.091694117 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.091703892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.091705084 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.091738939 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.091837883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.091850042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.091860056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.091870070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.091886997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.091909885 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.095731020 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.095776081 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.095778942 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.095787048 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.095819950 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.095886946 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.095897913 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.095937014 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.096009970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.096055031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.096086979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.096133947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.102133989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.102169037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.102178097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.102205992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.102220058 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.102364063 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.102375031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.102417946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.102432013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.102479935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.102499008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.102541924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.109570980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.109595060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.109606981 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.109623909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.109637976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.109657049 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.109736919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.109747887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.109760046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.109770060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.109783888 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.109796047 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.109826088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.120457888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.120506048 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.120516062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.120527029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.120563030 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.120573997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.120724916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.120735884 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.120745897 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.120755911 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.120778084 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.120805979 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.127855062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.127904892 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.127912045 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.127923012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.127960920 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.128051043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.128062010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.128071070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.128081083 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.128098011 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.128119946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.129684925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.129734039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.129817963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.129827023 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.129869938 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.129873037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.129915953 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.129930019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.129940987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.129951000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.129981995 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.130004883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.130004883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.130048037 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.132781029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.132798910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.132808924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.132833004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.132848978 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.132864952 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.132875919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.132884979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.132894993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.132906914 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.132940054 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.137708902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.137718916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.137729883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.137738943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.137751102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.137761116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.137770891 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.137797117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.137902021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.142344952 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.142388105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.142399073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.142399073 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.142435074 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.142467976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.142513037 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.142596006 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.142643929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.142667055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.142677069 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.142685890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.142713070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.142738104 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.147259951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.147330999 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.147334099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.147347927 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.147382975 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.147404909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.147417068 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.147449970 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.147490978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.147540092 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.147547960 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.147597075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.152647018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.152695894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.152705908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.152724028 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.152784109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.152802944 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.152818918 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.152882099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.152993917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.153059006 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.153076887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.153132915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.154627085 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.154679060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.154697895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.154709101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.154747963 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.154777050 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.154787064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.154825926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.154942989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.154990911 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.155004978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.155055046 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.171833992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.171845913 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.171857119 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.171916962 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.171935081 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.172069073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172080994 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172091961 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172102928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172116041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172128916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.172147036 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.172164917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.172215939 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172235012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172246933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172259092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172271013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172271013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.172282934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.172292948 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.172323942 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.176218033 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.176229954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.176243067 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.176279068 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.176300049 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.176376104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.176387072 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.176398993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.176428080 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.176455021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.176526070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.176577091 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.180521011 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.180531979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.180542946 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.180562973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.180573940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.180578947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.180587053 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.180599928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.180607080 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.180627108 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.180644035 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.184716940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.184726000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.184736013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.184783936 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.184814930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.184842110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.184853077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.184861898 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.184885025 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.184892893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.184897900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.184935093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.191112041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.191169024 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.191173077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.191184998 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.191215992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.191236019 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.191284895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.191296101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.191306114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.191314936 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.191339970 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.191364050 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.198695898 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.198755980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.198761940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.198766947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.198801041 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.198812962 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.198890924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.198901892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.198916912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.198926926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.198950052 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.198950052 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.198985100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.209661007 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.209671974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.209681034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.209731102 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.209759951 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.209779978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.209791899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.209801912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.209811926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.209824085 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.209836006 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.209870100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.217252016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.217263937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.217274904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.217320919 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.217350960 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.217375040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.217386961 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.217396021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.217406034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.217426062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.217439890 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.223306894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223335028 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223345041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223377943 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.223431110 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.223488092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223498106 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223509073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223519087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223535061 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.223563910 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.223757029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223803043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.223838091 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223848104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223880053 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.223968983 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223979950 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223989964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.223999023 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.224018097 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.224030018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.224066019 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.226263046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.226319075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.226330042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.226367950 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.226383924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.226413965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.226435900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.226447105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.226457119 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.226488113 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.226533890 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.226636887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.226687908 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.226687908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.226737976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.231197119 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.231240034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.231250048 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.231328964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.231338978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.231369019 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.231415987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.232332945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.232386112 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.232395887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.232444048 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.236155987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.236166000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.236176014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.236212015 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.236246109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.236270905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.236280918 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.236290932 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.236300945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.236321926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.236356020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.241517067 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.241559029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.241569042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.241590977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.241622925 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.241703987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.241714001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.241723061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.241733074 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.242419004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.243532896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.243582010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.243591070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.243592024 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.243623972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.243637085 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.243721008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.243731976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.243741035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.243752956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.243771076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.243805885 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.251209974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.251254082 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.251264095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.251270056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.251293898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.251312971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.251378059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.251389027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.251399040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.251408100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.251427889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.251457930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.251980066 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.252038956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.252048016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.252048969 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.252084970 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.252103090 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.252154112 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.252166033 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.252175093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.252187014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.252212048 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.252235889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.264975071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.265008926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.265018940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.265069008 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.265081882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.265171051 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.265182972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.265192986 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.265203953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.265230894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.265256882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.269275904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.269323111 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.269331932 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.269331932 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.269365072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.269376040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.269397974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.269438982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.269443989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.269454002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.269488096 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.269510984 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.269571066 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.269581079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.269623041 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.273391962 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.273401022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.273442030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.273442984 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.273489952 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.273503065 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.273514032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.273554087 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.273592949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.273603916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.273612976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.273644924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.273655891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.279993057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.280003071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.280014038 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.280049086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.280080080 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.280087948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.280098915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.280131102 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.280150890 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.280210018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.280234098 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.280261040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.280273914 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.287451029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.287487030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.287497044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.287498951 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.287535906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.287547112 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.287604094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.287615061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.287661076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.287729025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.287779093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.287792921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.287847042 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.298273087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.298309088 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.298317909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.298392057 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.298449039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.298510075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.298511028 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.298521996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.298604965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.298681974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.298691988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.298768044 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.305774927 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.305783987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.305830002 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.305834055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.305907965 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.305912971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.305918932 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.305964947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.305998087 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.306010008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.306020975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.306060076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.306476116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.306529999 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.312603951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.312649012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.312658072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.312660933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.312690973 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.312700987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.312805891 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.312817097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.312827110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.312836885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.312853098 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.312879086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.313039064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.313086987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.313102007 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.313112020 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.313150883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.313239098 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.313251019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.313260078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.313268900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.313291073 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.313306093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.315427065 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.315478086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.315480947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.315493107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.315527916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.315607071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.315618992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.315628052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.315639019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.315654993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.315668106 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.320477009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.320528030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.320538044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.320545912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.320585966 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.320643902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.320656061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.320664883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.320693970 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.320704937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.320750952 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.320796013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.324856043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.324866056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.324877977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.324907064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.324918032 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.324923992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.324934959 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.324964046 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.324996948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.325042009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.325333118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.325376987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.325385094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.325433016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.330544949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.330557108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.330565929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.330595970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.330600977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.330605030 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.330606937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.330617905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.330734968 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.330734968 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.330764055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.330809116 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.332345963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.332392931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.332426071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.332472086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.332501888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.332511902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.332521915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.332531929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.332551003 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.332575083 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.332645893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.332657099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.332696915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.340120077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340141058 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340152025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340164900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.340183020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.340259075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340269089 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340279102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340289116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340305090 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.340326071 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.340740919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340822935 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340831995 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340871096 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.340874910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340887070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.340909004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.340933084 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.341145992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.341161966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.341192961 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.341219902 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.353745937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.353810072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.353815079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.353826046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.353859901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.353861094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.353873968 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.353897095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.353964090 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.354012012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.354032040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.354043007 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.354077101 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.354082108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.354123116 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.358105898 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.358155012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.358160973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.358171940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.358196974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.358213902 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.358254910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.358264923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.358304024 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.358314991 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.358371973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.358416080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.358417034 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.358459949 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.362262964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.362272978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.362282991 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.362318039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.362338066 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.362344027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.362354040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.362395048 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.362525940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.362543106 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.362565994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.362590075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.368683100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.368752003 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.368771076 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.368782043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.368835926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.368855953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.368865967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.368875980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.368885994 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.368905067 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.368917942 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.376420975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.376465082 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.376503944 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.376514912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.376545906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.376571894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.376590014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.376601934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.376609087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.376619101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.376657009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.376677036 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.387094975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.387113094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.387120962 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.387155056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.387166977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.387254953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.387265921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.387275934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.387285948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.387305021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.387320995 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.387742043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.387809038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.394684076 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.394725084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.394733906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.394736052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.394761086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.394778967 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.394834995 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.394845963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.394879103 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.394890070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.394973993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.395005941 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.395026922 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.395065069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.400971889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.400983095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.400993109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.401021004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.401074886 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.402209044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402267933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.402270079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402281046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402312994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.402389050 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402400017 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402410984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402420044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402442932 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.402456999 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.402607918 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402651072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.402688980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402700901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402728081 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.402740002 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.402796984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.402837038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.404119968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.404175997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.404185057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.404196024 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.404222965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.404242992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.404258013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.404303074 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.404366970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.404396057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.404405117 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.404412985 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.404423952 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.404453993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.404462099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.404505014 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.409140110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.409184933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.409187078 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.409194946 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.409238100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.409255028 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.409334898 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.409351110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.409389019 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.409410954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.409423113 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.409437895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.409447908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.409449100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.409476995 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.409487963 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.413578987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.413634062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.413649082 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.413669109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.413686037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.413732052 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.413752079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.413763046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.413772106 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.413800001 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.413836956 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.413886070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.413896084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.413933039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.419133902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.419145107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.419154882 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.419197083 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.419229031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.419230938 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.419243097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.419251919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.419262886 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.419279099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.419315100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.421107054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.421116114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.421125889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.421159029 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.421171904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.421230078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.421241999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.421251059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.421283007 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.421308041 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.421386003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.421432018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.421797037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.421843052 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.428848028 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.428894997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.428905010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.428905010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.428931952 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.428946018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.429030895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429042101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429052114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429060936 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429080963 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.429105043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.429596901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429650068 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.429651976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429662943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429711103 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.429723024 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.429773092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429784060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429794073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429804087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.429814100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.429826021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.429861069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.442557096 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.442564964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.442572117 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.442629099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.442640066 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.442675114 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.442728996 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.442759037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.442770004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.442780018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.442797899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.442826033 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.447031021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.447045088 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.447056055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.447084904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.447109938 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.447175980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.447186947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.447196960 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.447231054 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.447242022 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.447284937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.447329998 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.451077938 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.451096058 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.451105118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.451129913 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.451143026 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.451251984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.451261997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.451271057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.451282024 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.451297998 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.451311111 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.457426071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.457477093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.457479954 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.457489014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.457530022 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.457550049 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.457564116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.457607985 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.457690954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.457727909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.457736969 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.457739115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.457773924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.457782984 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.457789898 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.457830906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.465215921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.465313911 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.465332031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.465342999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.465379000 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.465451956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.465461969 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.465472937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.465483904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.465498924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.465516090 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.476674080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.476686954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.476697922 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.476737022 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.476783991 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.476804018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.476814985 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.476824999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.476835012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.476849079 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.476876020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.484349012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.484389067 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.484400988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.484415054 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.484446049 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.484487057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.484508038 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.484519005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.484534025 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.484560966 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.484657049 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.484699965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.490946054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.490978003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.490988016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.490998983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.491030931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.491044044 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.491091013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.491134882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.491163969 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.491204977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.491230011 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.491241932 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.491271973 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.491362095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.491373062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.491384029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.491394997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.491415024 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.491430044 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.492192984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.492202997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.492213964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.492242098 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.492259979 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.493029118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.493077040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.493088007 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.493098974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.493138075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.493150949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.493161917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.493205070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.493376017 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.493387938 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.493427992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.498610020 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.498620987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.498631954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.498656988 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.498675108 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.498686075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.498697042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.498707056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.498718977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.498729944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.498759031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.498845100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.498888016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.502614021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.502665043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.502677917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.502688885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.502739906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.502789021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.502799988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.502810955 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.502820969 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.502839088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.502854109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.507879972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.507924080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.507931948 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.507934093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.507963896 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.507973909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.508093119 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.508135080 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.508142948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.508153915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.508188009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.508217096 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.508227110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.508260965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.509982109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.509999990 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.510010004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.510031939 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.510057926 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.510149956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.510160923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.510171890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.510195017 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.510206938 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.510262966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.510273933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.510310888 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.517796993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.517822981 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.517833948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.517847061 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.517893076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.517914057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.517960072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.517999887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518038034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518045902 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518049002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518080950 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518093109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518105984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518151999 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518414021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518460989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518466949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518515110 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518563032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518594027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518604040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518604994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518626928 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518644094 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.518742085 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.518785954 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.519037008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.519047976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.519083977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.531255960 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.531266928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.531326056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.531364918 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.531375885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.531387091 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.531419039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.531452894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.531497002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.531507969 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.531517029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.531541109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.531553030 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.535660982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.535682917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.535691977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.535710096 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.535732031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.535823107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.535840988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.535851955 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.535871983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.535892963 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.535964966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.535974979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.536017895 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.539699078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.539707899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.539750099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.539756060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.539802074 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.539813042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.539815903 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.539844036 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.539863110 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.539897919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.539908886 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.539918900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.539951086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.539967060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.546411037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.546422958 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.546433926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.546525002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.546526909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.546536922 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.546580076 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.546611071 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.546650887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.546674967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.546701908 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.546715975 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.553986073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.554012060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.554022074 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.554059029 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.554080009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.554126978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.554172039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.554199934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.554244995 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.554250002 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.554256916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.554282904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.554292917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.554296970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.554342031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.565073967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.565088034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.565099001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.565162897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.565186977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.565197945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.565208912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.565222979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.565256119 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.565280914 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.572905064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.572945118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.572957993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.572988033 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.573014021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.573076010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.573117018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.573118925 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.573157072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.573177099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.573189020 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.573216915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.573250055 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.573420048 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.573462009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.579798937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.579824924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.579838037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.579852104 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.579898119 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.579925060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.579979897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.579988003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580001116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580012083 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580037117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.580065012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.580241919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580254078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580265999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580292940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.580317974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.580355883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580368996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580380917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580410004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.580435038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.580513954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.580559969 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.581891060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.581901073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.581935883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.581939936 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.581975937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.581983089 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.581994057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.582029104 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.582364082 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.582375050 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.582384109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.582417011 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.582421064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.582432032 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.582463026 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.587307930 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.587321997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.587332964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.587358952 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.587376118 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.587436914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.587449074 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.587491989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.587624073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.587635040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.587677002 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.591383934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.591396093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.591406107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.591434956 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.591445923 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.591483116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.591546059 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.591689110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.591747046 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.591761112 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.591772079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.591809034 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.591833115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.591876984 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.596796036 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.596807957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.596818924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.596848965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.596853018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.596873999 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.596904993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.596966982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.596978903 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.596992016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.597023010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.597023964 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.597043991 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.597069025 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.598887920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.598908901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.598918915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.598937035 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.598958969 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.599014997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.599026918 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.599066019 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.599107027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.599117994 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.599127054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.599157095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.599169016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.606549025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.606560946 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.606592894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.606602907 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.606631994 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.606640100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.606652021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.606705904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.606715918 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.606764078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.606775045 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.606789112 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.606815100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.606838942 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.607228994 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.607238054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.607281923 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.607353926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.607398987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.607405901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.607417107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.607453108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.607455015 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.607496977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.607770920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.607810974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.607815981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.607847929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.620100975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.620115042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.620126963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.620148897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.620167971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.620187044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.620198965 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.620238066 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.620280981 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.620291948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.620366096 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.620366096 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.620383024 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.620423079 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.624675035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.624725103 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.624856949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.624869108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.624880075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.624906063 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.624941111 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.624950886 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.624963999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.624974012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.624995947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.625041008 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.628709078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.628729105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.628745079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.628757954 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.628777027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.628874063 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.628887892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.628900051 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.628911018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.628917933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.628947020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.635231972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.635273933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.635278940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.635286093 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.635325909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.635344028 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.635410070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.635421038 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.635432005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.635442019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.635451078 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.635468006 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.635494947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.642915010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.642929077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.642940044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.642980099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.643004894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.643007040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.643017054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.643028021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.643042088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.643069983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.643223047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.643269062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.653989077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.654037952 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.654088974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.654099941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.654166937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.654192924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.654203892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.654212952 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.654223919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.654243946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.654280901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.661607981 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.661653996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.661663055 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.661668062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.661691904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.661705017 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.661741972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.661753893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.661792040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.661834955 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.661845922 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.661884069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.662211895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.662261009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.668553114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.668569088 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.668580055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.668606997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.668627977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.668653965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.668672085 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.668673038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.668684959 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.668718100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.668756962 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.668767929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.668807983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.669133902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.669143915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.669182062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.669255018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.669291019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.669301987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.669306040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.669336081 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.669361115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.669389009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.669409990 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.669645071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.669689894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.669724941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.669773102 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.670676947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.670725107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.670727968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.670739889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.670774937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.670779943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.670819998 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.670896053 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.670919895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.670929909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.670944929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.670957088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.671061039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.671108007 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.676186085 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.676211119 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.676222086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.676234961 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.676249027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.676316977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.676362038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.676372051 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.676383018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.676415920 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.676429033 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.676503897 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.676513910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.676553011 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.680350065 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.680371046 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.680382967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.680449009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.680449009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.680455923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.680500031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.680516958 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.680529118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.680538893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.680583000 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.680608034 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.685699940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.685713053 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.685726881 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.685749054 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.685774088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.685828924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.685842037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.685878992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.685945988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.685956955 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.685993910 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.687743902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.687756062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.687767029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.687797070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.687808037 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.687827110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.687865973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.687871933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.687907934 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.687931061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.687947989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.687984943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.687987089 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.688031912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.695599079 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.695611954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.695622921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.695661068 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.695677042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.695688009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.695693970 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.695722103 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.695796013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.695806980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.695844889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.696068048 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.696079016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.696089983 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.696118116 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.696126938 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.696131945 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.696166992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.696269989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.696311951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.696314096 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.696324110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.696358919 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.696424961 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.696470976 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.716033936 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716058016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716070890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716084957 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.716124058 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.716223001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716233015 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716243029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716253996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716308117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.716308117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.716356039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716367006 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716403961 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.716548920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716559887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716569901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716603041 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.716628075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.716639996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716650963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.716681004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.717297077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.717345953 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.717354059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.717365026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.717401981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.717411041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.717454910 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.717510939 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.717557907 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.717566013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.717576027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.717602968 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.717616081 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.717650890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.717694044 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.737385035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737423897 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737435102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737440109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.737477064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.737495899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.737561941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737572908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737584114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737595081 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737611055 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.737637043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.737742901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737755060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737798929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.737816095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737858057 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.737941980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737952948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737977982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737988949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.737991095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.738017082 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.738042116 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.742724895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.742736101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.742748976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.742778063 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.742799997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.742816925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.742827892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.742862940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.742924929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.742935896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.742944956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.742970943 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.742986917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.750541925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.750565052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.750576019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.750593901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.750614882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.750648975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.750699043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.750705957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.750737906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.750746012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.750750065 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.750798941 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.750812054 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.750833035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.750874996 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.757508039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757529974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757540941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757566929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.757584095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.757667065 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757677078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757687092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757697105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757718086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.757733107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.757786989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757832050 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.757869005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757935047 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.757962942 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757973909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757987022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.757997036 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.758012056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.758038998 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.758382082 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.758393049 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.758436918 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.759664059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.759718895 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.759728909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.759740114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.759772062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.759821892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.759833097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.759845972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.759866953 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.759895086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.759943962 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.759989023 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.765049934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.765089989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.765100002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.765121937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.765158892 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.765192986 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.765203953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.765244007 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.765321016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.765331030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.765367031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.769017935 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.769028902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.769073009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.769092083 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.769114971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.769124031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.769134998 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.769165993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.769223928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.769237041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.769248009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.769273043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.769285917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.774646997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.774663925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.774677992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.774698019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.774708986 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.774717093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.774720907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.774734974 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.774748087 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.774770021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.776767015 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.776779890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.776793957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.776813030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.776822090 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.776825905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.776839972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.776846886 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.776855946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.776891947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.776969910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.777017117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.784508944 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.784534931 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.784545898 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.784564972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.784586906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.784648895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.784660101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.784670115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.784681082 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.784699917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.784715891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.785271883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.785283089 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.785293102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.785322905 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.785334110 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.785407066 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.785417080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.785425901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.785459042 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.785482883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.786459923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.786509037 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.804939032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.804953098 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.804964066 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.804994106 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.805047989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.805068016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805078983 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805088997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805099964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805116892 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.805146933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.805228949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805239916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805279016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.805372000 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805408001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805416107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.805419922 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805449963 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.805476904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.805491924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805502892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.805537939 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.806135893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.806175947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.806184053 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.806188107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.806216955 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.806307077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.806318045 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.806328058 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.806339025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.806351900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.806375027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826195002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826251984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826255083 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826263905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826320887 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826320887 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826338053 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826353073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826364040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826375961 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826389074 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826419115 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826566935 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826576948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826586962 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826596975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826623917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826644897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826726913 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826773882 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826793909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826803923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.826828957 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.826842070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.831574917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.831613064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.831624031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.831624985 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.831650972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.831665993 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.831734896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.831746101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.831788063 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.831796885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.831809044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.831842899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.840754032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.840794086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.840804100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.840826035 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.840881109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.840894938 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.840907097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.840946913 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.841041088 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.841089010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.841371059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.841418028 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.846611977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.846658945 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.846671104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.846687078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.846724987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.846843004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.846853018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.846892118 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.847001076 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.847012997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.847023010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.847038984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.847049952 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.847049952 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.847074986 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.847095013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.847136021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.847146034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.847182035 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.847630024 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.847676039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.847978115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.848023891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.848618031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.848628044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.848639011 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.848660946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.848681927 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.848701954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.848712921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.848722935 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.848733902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.848748922 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.848773003 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.854156971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.854166985 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.854176998 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.854206085 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.854228020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.854304075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.854315042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.854324102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.854334116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.854355097 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.854377031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.858098984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.858153105 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.858217001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.858227968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.858266115 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.858283043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.858294964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.858304024 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.858314991 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.858331919 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.858350039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.863368034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.863379002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.863388062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.863415956 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.863435030 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.863503933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.863514900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.863524914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.863550901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.863585949 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.863650084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.863694906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.865765095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.865775108 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.865786076 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.865819931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.865843058 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.865845919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.865859032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.865868092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.865879059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.865890026 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.865911007 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.865953922 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.865999937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.873392105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.873403072 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.873409033 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.873503923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.873512983 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.873533964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.873543978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.873574972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.873624086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.875191927 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.875248909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.875252008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.875263929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.875291109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.875329018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.875406027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.875417948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.875427008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.875437021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.875458002 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.875483036 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.893841982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.893928051 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.893937111 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.893958092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.893969059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.893974066 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.893980026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894017935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894051075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894422054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894480944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894490004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894500971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894539118 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894547939 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894567966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894577980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894612074 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894624949 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894733906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894745111 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894790888 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894819975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894830942 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894840956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.894865036 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.894893885 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.895474911 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.895492077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.895502090 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.895540953 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.895559072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.895605087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.895615101 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.895626068 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.895634890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.895652056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.895664930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.915194035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915205002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915215015 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915247917 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.915296078 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.915386915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915397882 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915409088 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915419102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915437937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.915463924 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.915519953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915530920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915540934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915550947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915565014 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.915584087 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.915659904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915671110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915680885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.915703058 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.915715933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.920471907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.920526981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.920697927 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.920706987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.920749903 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.920753956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.920764923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.920797110 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.920815945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.920823097 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.920828104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.920840979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.920866966 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.920902014 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.929675102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.929685116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.929693937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.929733992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.929764032 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.929805040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.929820061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.929830074 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.929850101 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.929874897 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.929938078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.929946899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.929975033 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.929991961 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.935506105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.935517073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.935525894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.935565948 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.935595989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.935601950 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.935652018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.935673952 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.935683966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.935715914 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.935730934 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.935734034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.935779095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.935852051 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.935899019 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.936387062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.936439037 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.936451912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.936461926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.936501026 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.936522007 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.936522007 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.936533928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.936543941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.936569929 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.936604023 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.937318087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.937367916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.937587976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.937634945 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.937638998 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.937650919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.937700033 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.937719107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.937768936 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.937783957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.937794924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.937804937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.937815905 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.937828064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.937860966 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.942946911 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.943006039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.943041086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.943051100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.943084955 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.943114996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.943125963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.943135977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.943156958 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.943171024 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.943309069 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.943352938 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.943571091 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.944542885 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.946902990 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.946913004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.946927071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.946962118 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.946995020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.947042942 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.947092056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.947120905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.947163105 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.947175026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.947185040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.947195053 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.947222948 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.947261095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.952301979 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.952311039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.952320099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.952344894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.952358007 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.952488899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.952503920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.952514887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.952532053 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.952539921 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.952543020 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.952569008 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.952589989 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.954586029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.954621077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.954631090 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.954662085 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.954698086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.954730988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.954741955 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.954787016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.954813004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.954823971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.954858065 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.954883099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.962148905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.962177992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.962187052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.962197065 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.962210894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.962248087 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.962255955 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.962265968 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.962275982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.962284088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.962285042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.962312937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.962341070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.964256048 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.964307070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.964313030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.964324951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.964355946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.964451075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.964462042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.964471102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.964488983 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.964498997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.964525938 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.964538097 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.982836008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.982892036 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.982920885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.982933044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.982942104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.982973099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.982995987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.983081102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983091116 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983100891 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983108997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983115911 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.983129978 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.983139038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.983557940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983567953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983577967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983606100 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.983629942 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.983700991 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983711004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983762980 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.983802080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983813047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.983864069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.984065056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.984110117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.984117985 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.984131098 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.984165907 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.984354973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.984365940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.984376907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.984404087 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.984416962 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:10.984419107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.984430075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:10.984457016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.003988028 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004019022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004026890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004044056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004054070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004065037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004070044 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004101038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004128933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004139900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004148960 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004179955 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004193068 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004492998 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004502058 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004542112 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004544973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004585981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004616022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004626989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004636049 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004661083 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004687071 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.004806995 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004817009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.004853964 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.009655952 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.009675026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.009684086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.009706020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.009718895 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.009818077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.009829044 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.009840012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.009850025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.009862900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.009895086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.018567085 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.018605947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.018616915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.018616915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.018662930 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.018676996 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.018676996 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.018698931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.018728018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.018739939 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.018748999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.018757105 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.018771887 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.018795967 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.024333954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.024511099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.024617910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.024626970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.024637938 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.024646997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.024672985 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.024701118 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.024729013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.024765015 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.024775028 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.024775028 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.024801970 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.024811983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.025194883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025202990 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025213003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025223970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025233984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025240898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.025264978 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.025275946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.025446892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025487900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.025501966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025513887 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025522947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.025547981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.025564909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.026376963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.026387930 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.026397943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.026423931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.026444912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.026489973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.026499987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.026511908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.026523113 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.026535988 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.026576042 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.026612043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.026653051 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.032032013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.032042027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.032057047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.032066107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.032077074 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.032083988 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.032124996 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.032138109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.032160997 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.032171965 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.032180071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.032198906 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.032210112 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.035888910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.035934925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.035938978 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.035947084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.035974979 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.035986900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.036151886 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.036163092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.036175013 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.036185026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.036194086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.036207914 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.036235094 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.041120052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.041174889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.041209936 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.041220903 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.041256905 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.041271925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.041289091 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.041317940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.041346073 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.041454077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.041465998 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.041506052 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.043481112 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.043539047 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.043553114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.043565035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.043574095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.043596983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.043611050 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.043627977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.043649912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.043651104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.043662071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.043680906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.043685913 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.043714046 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.043725014 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.050992012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.051001072 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.051014900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.051026106 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.051035881 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.051045895 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.051047087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.051075935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.051098108 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.051229954 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.051240921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.051271915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.051292896 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.053117037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.053154945 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.053159952 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.053164959 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.053186893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.053193092 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.053205967 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.053227901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.053260088 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.053271055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.053308010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.053319931 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.053343058 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.053354025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.053391933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.071772099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.071785927 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.071795940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.071830988 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.071862936 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.071877956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.071907043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.071917057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.071923971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.071938992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.071959019 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072026014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072036028 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072061062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072072029 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072338104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072349072 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072386980 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072396040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072401047 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072439909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072612047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072623014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072640896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072650909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072658062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072666883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072685957 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.072870016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.072931051 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.073065042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.073112011 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.073115110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.073126078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.073174953 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.073174953 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.073205948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.073215961 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.073226929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.073236942 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.073250055 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.073262930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.073288918 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093091965 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093166113 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093167067 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093180895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093231916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093254089 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093405008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093415022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093425035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093441963 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093446970 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093456030 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093465090 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093467951 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093477964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093508005 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093521118 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093600035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093610048 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093621016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093630075 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.093647957 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.093672037 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.098515034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.098546982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.098556995 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.098571062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.098601103 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.098647118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.098658085 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.098697901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.098758936 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.098771095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.098779917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.098800898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.098812103 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.107384920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.107408047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.107418060 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.107451916 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.107481003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.107495070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.107523918 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.107525110 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.107537985 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.107568026 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.107579947 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.107610941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.107621908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.107642889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.107657909 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.113418102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.113473892 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.113478899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.113519907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.113527060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.113554955 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.113559008 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.113568068 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.113578081 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.113603115 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.113616943 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.113724947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.113735914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.113778114 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.114010096 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.114048958 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.114058018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.114058971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.114090919 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.114106894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.114259958 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.114272118 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.114308119 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.114320040 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.114337921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.114350080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.114357948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.114383936 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.114396095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.115523100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.115562916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.115573883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.115607977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.115621090 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.115708113 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.115717888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.115727901 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.115740061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.115752935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.115783930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.120954037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.121006012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.121007919 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.121016026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.121061087 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.121063948 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.121071100 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.121082067 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.121082067 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.121092081 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.121098042 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.121121883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.121148109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.121222019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.121263027 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.125118971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.125130892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.125142097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.125190973 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.125221968 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.125241041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.125251055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.125262022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.125272036 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.125282049 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.125297070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.125328064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.129935980 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.129997015 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.130023003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.130032063 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.130063057 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.130075932 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.130156040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.130167007 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.130177021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.130189896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.130194902 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.130199909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.130230904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.130243063 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.132508993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.132530928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.132539988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.132565022 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.132602930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.132649899 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.132661104 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.132669926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.132680893 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.132694960 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.132718086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.139771938 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.139792919 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.139801025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.139832973 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.139861107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.139868021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.139878988 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.139889956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.139899969 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.139905930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.139945030 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.140019894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.140064001 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.141938925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.141949892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.141963959 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.141979933 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.142004967 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.142052889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.142062902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.142088890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.142095089 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.142098904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.142111063 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.142122030 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.142152071 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.160577059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.160640001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.160649061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.160655022 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.160701990 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.160721064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.160777092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.160788059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.160798073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.160808086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.160829067 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.160859108 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.160865068 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.160901070 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.161243916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161254883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161264896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161295891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.161309004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.161385059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161416054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161425114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161432981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.161458969 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.161470890 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.161529064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161539078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161571980 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.161587954 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.161953926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161963940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161968946 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161974907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.161998987 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.162015915 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.162017107 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.162029028 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.162061930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.162089109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.162271023 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.162319899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.162383080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.162421942 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.181767941 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.181843996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.181854010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.181899071 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.181910038 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.181921005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.181924105 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.181931973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.181984901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.181984901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.182064056 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182107925 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.182368040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182413101 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.182462931 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182471991 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182507992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.182522058 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.182534933 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182545900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182555914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182565928 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182579041 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.182620049 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.182905912 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.182948112 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.187513113 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.187522888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.187534094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.187563896 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.187593937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.187654972 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.187669039 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.187684059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.187695026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.187707901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.187732935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.196460009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.196470022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.196480036 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.196501970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.196510077 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.196513891 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.196526051 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.196527958 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.196537018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.196577072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.196600914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.196608067 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.196638107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.202198982 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202250004 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.202270031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202280045 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202301025 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202311993 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202332973 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.202364922 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.202478886 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202526093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.202640057 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202656984 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202682972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.202694893 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.202956915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202965975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.202980042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.203006983 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.203031063 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.203037977 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.203052998 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.203063011 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.203073978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.203083038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.203097105 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.203124046 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.203488111 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.203536034 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.204282045 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.204327106 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.204385996 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.204396009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.204427004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.204428911 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.204464912 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.204495907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.204507113 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.204518080 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.204525948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.204544067 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.204565048 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.209881067 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.209918022 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.209925890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.209981918 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.210011005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.210021973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.210032940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.210042953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.210067034 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.210100889 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.210228920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.210268021 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.213829994 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.213841915 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.213851929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.213862896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.213881016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.213901997 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.213916063 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.213962078 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.213964939 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.213974953 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.213983059 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.214003086 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.214020967 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.219022989 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.219034910 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.219044924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.219060898 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.219070911 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.219079971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.219108105 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.219305992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.219316959 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.219321966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.219362020 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.221220970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.221262932 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.221271992 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.221287966 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.221311092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.221328974 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.221354008 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.221379042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.221417904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.221425056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.221429110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.221461058 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.221477032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.221520901 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.228612900 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.228637934 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.228646994 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.228660107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.228672981 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.228730917 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.228743076 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.228780031 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.228832960 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.228844881 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.228852987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.228874922 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.228899956 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.230643034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230690956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230694056 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.230700970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230717897 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230726957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230736017 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.230765104 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.230945110 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230957031 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230967999 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230978012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.230994940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.231007099 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.249520063 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249557018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249564886 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249618053 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.249644041 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249655962 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249666929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249667883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.249680042 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249691010 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.249718904 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.249874115 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249885082 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249895096 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249905109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249916077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.249924898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.249939919 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.249958992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.250518084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.250571012 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.250729084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.250737906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.250768900 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.250782013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.250799894 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.250812054 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.250821114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.250830889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.250838041 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.250863075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.250881910 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.251055002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.251097918 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.251106024 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.251116991 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.251153946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.251176119 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.251219988 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.270665884 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.270684004 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.270694017 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.270765066 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.270807028 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.270808935 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.270817995 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.270881891 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.270895958 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.270905018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.270936966 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.270962954 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.271039009 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.271049976 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.271059036 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.271070957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.271080971 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.271083117 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.271132946 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.271315098 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.271327019 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.271358967 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.271382093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.276292086 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.276302099 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.276310921 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.276355028 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.276381016 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.276387930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.276393890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.276426077 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.276441097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.276448965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.276467085 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.276490927 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.276504040 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.276515961 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.276546001 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.276565075 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.285249949 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.285331964 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.285335064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.285342932 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.285370111 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.285372972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.285382032 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.285407066 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.285424948 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.285481930 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.285494089 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.285501957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.285531044 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.285546064 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291402102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291445971 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291446924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291460037 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291487932 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291498899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291559935 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291570902 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291584015 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291603088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291615963 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291718006 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291759968 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291764021 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291802883 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291806936 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291846991 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291949034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291986942 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.291990042 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.291999102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.292011023 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.292025089 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.292041063 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.292057991 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.292114973 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.292125940 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.292157888 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.292170048 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.293312073 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.293358088 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.293358088 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.293371916 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.293409109 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.293416977 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.293428898 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.293467999 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.293502092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.293512106 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.293521881 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.293529987 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.293541908 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.293567896 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.298757076 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.298818111 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.298904896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.298913956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.298962116 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.298983097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.298994064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.299004078 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.299038887 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.299071074 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.299146891 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.299156904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.299185991 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.299210072 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.302690029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.302725077 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.302735090 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.302750111 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.302769899 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.302783966 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.302828074 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.302856922 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.302867889 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.302894115 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.302906036 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.302923918 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.302933931 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.302963972 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.302975893 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.309212923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.309223890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.309233904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.309279919 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.309319973 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.309341908 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.309353113 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.309362888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.309371948 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.309400082 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.309428930 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.310421944 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.310431957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.310442924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.310472965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.310492039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.310571909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.310581923 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.310592890 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.310616016 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.310632944 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.310674906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.310718060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.320503950 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320516109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320525885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320563078 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.320625067 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.320645094 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320656061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320664883 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320674896 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320688009 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.320714951 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.320878029 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320889950 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320899010 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320910931 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.320921898 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.320936918 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.321022034 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.321033001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.321043015 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.321063042 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.321086884 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.339751005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339762926 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339771986 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339783907 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339792967 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339802027 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339812994 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339816093 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.339823008 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339833975 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339863062 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.339884043 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.339956045 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.339967012 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340004921 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.340045929 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340055943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340065956 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340086937 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.340100050 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.340519905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340570927 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.340787888 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340800047 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340810061 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340837955 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.340861082 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.340920925 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340931892 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340941906 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340951920 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.340970039 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.340995073 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.359709978 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.359805107 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.359822035 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.359831095 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.359868050 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.359880924 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.359893084 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.359901905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.359904051 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.359913111 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.359930992 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.359934092 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.359963894 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.359981060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.360151052 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.360234022 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.360255003 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.360265970 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.360296965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.360308886 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.360675097 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.360686064 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.360702038 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.360713005 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.360734940 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.360768080 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.360768080 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.365202904 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.365214109 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.365223885 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.365252018 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.365271091 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.365346909 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.365358114 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.365395069 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.365411043 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.365420103 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.365431070 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.365453005 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.365482092 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.374439001 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.374479055 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.374490023 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.374623060 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.374624014 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.374638081 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.374650002 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.374661922 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.374689102 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.374730110 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.380350113 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.380407095 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.380445957 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.380458117 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.380503893 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.380518913 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.380532026 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.380543947 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.380554914 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.380565882 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.380575895 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.380578995 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.380598068 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.380635023 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.380996943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.381009102 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.381015062 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.381026983 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.381037951 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.381047964 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.381074905 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.381083965 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.381088018 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.381119013 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.381145954 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.381413937 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.381454945 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.403363943 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.403434038 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.466864109 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.467361927 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.474242926 CEST	9000	49713	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.474312067 CEST	49713	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.481967926 CEST	9000	49715	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:11.482103109 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.482393980 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:11.487332106 CEST	9000	49715	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.158755064 CEST	9000	49715	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.158833027 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.159298897 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.161442995 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.161494970 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.164355993 CEST	9000	49715	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.166227102 CEST	9000	49715	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.166280031 CEST	9000	49715	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.545861959 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.546370983 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.551289082 CEST	9000	49714	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.551382065 CEST	49714	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.551403999 CEST	9000	49716	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.551470041 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.551728010 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:12.556504965 CEST	9000	49716	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.933918953 CEST	9000	49715	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:12.934040070 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.203229904 CEST	9000	49716	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:13.203294992 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.203732014 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.206120014 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.208460093 CEST	9000	49716	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:13.210946083 CEST	9000	49716	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:13.683320999 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.683752060 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.688669920 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:13.688724041 CEST	9000	49715	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:13.688750029 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.688786983 CEST	49715	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.689001083 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:13.693932056 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:13.968367100 CEST	9000	49716	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:13.968430042 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.353648901 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:14.353789091 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.354239941 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.356101990 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.359541893 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:14.360920906 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:14.809978008 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.810780048 CEST	49722	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.816874981 CEST	9000	49722	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:14.816972971 CEST	49722	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.817068100 CEST	9000	49716	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:14.817118883 CEST	49716	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.817426920 CEST	49722	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:14.823887110 CEST	9000	49722	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:15.114176035 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:15.114252090 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:15.475753069 CEST	9000	49722	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:15.478588104 CEST	49722	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:15.582375050 CEST	49722	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:15.584441900 CEST	49722	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:15.587296009 CEST	9000	49722	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:15.589706898 CEST	9000	49722	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:15.590573072 CEST	49722	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:15.790941000 CEST	49724	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:15.796106100 CEST	9000	49724	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:15.796178102 CEST	49724	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:15.797269106 CEST	49724	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:15.802174091 CEST	9000	49724	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:16.450258017 CEST	9000	49724	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:16.450335026 CEST	49724	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:16.451014996 CEST	49724	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:16.455763102 CEST	9000	49724	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:16.481972933 CEST	49724	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:16.484750032 CEST	49726	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:16.487076044 CEST	9000	49724	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:16.487138033 CEST	49724	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:16.489648104 CEST	9000	49726	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:16.489739895 CEST	49726	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:16.490093946 CEST	49726	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:16.494806051 CEST	9000	49726	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.137984991 CEST	9000	49726	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.138079882 CEST	49726	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.138518095 CEST	49726	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.145284891 CEST	49726	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.145318985 CEST	9000	49726	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.147018909 CEST	49727	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.151304007 CEST	9000	49726	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.152190924 CEST	49726	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.152718067 CEST	9000	49727	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.152797937 CEST	49727	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.153013945 CEST	49727	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.158582926 CEST	9000	49727	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.800719023 CEST	9000	49727	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.806575060 CEST	49727	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.811928988 CEST	49727	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.814853907 CEST	49727	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.816092968 CEST	49728	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.816741943 CEST	9000	49727	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.820213079 CEST	9000	49727	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.821182013 CEST	9000	49728	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:17.822616100 CEST	49727	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.822634935 CEST	49728	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.823338032 CEST	49728	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:17.828896999 CEST	9000	49728	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:18.480173111 CEST	9000	49728	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:18.480319023 CEST	49728	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:18.480720997 CEST	49728	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:18.482738018 CEST	49728	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:18.484478951 CEST	49729	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:18.485941887 CEST	9000	49728	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:18.487772942 CEST	9000	49728	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:18.487835884 CEST	49728	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:18.489295959 CEST	9000	49729	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:18.489372969 CEST	49729	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:18.493733883 CEST	49729	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:18.498486996 CEST	9000	49729	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:19.146038055 CEST	9000	49729	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:19.146136045 CEST	49729	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:19.146714926 CEST	49729	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:19.148633957 CEST	49729	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:19.151484013 CEST	9000	49729	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:19.153810024 CEST	9000	49729	195.201.251.214	192.168.2.5
Jun 30, 2024 16:33:19.153857946 CEST	49729	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:33:30.081547976 CEST	62239	53	192.168.2.5	162.159.36.2
Jun 30, 2024 16:33:30.086317062 CEST	53	62239	162.159.36.2	192.168.2.5
Jun 30, 2024 16:33:30.086395979 CEST	62239	53	192.168.2.5	162.159.36.2
Jun 30, 2024 16:33:30.086442947 CEST	62239	53	192.168.2.5	162.159.36.2
Jun 30, 2024 16:33:30.091193914 CEST	53	62239	162.159.36.2	192.168.2.5
Jun 30, 2024 16:33:30.541419029 CEST	53	62239	162.159.36.2	192.168.2.5
Jun 30, 2024 16:33:30.542272091 CEST	62239	53	192.168.2.5	162.159.36.2
Jun 30, 2024 16:33:30.547471046 CEST	53	62239	162.159.36.2	192.168.2.5
Jun 30, 2024 16:33:30.547539949 CEST	62239	53	192.168.2.5	162.159.36.2
Jun 30, 2024 16:33:40.213943958 CEST	49703	80	192.168.2.5	192.229.211.108
Jun 30, 2024 16:33:40.219034910 CEST	80	49703	192.229.211.108	192.168.2.5
Jun 30, 2024 16:33:40.219104052 CEST	49703	80	192.168.2.5	192.229.211.108
Jun 30, 2024 16:34:25.114969969 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:34:25.115248919 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:34:25.115247011 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:34:25.115336895 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:34:48.902339935 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:34:48.902426958 CEST	49718	9000	192.168.2.5	195.201.251.214
Jun 30, 2024 16:34:49.124886036 CEST	9000	49718	195.201.251.214	192.168.2.5
Jun 30, 2024 16:34:49.124975920 CEST	49718	9000	192.168.2.5	195.201.251.214

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 30, 2024 16:32:58.955852985 CEST	52432	53	192.168.2.5	1.1.1.1
Jun 30, 2024 16:32:58.963042974 CEST	53	52432	1.1.1.1	192.168.2.5
Jun 30, 2024 16:33:30.080797911 CEST	53	56631	162.159.36.2	192.168.2.5
Jun 30, 2024 16:33:30.552717924 CEST	50551	53	192.168.2.5	1.1.1.1
Jun 30, 2024 16:33:30.560435057 CEST	53	50551	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 30, 2024 16:32:58.955852985 CEST	192.168.2.5	1.1.1.1	0xfd04	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Jun 30, 2024 16:33:30.552717924 CEST	192.168.2.5	1.1.1.1	0xa21f	Standard query (0)	56.126.166.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 30, 2024 16:32:58.963042974 CEST	1.1.1.1	192.168.2.5	0xfd04	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Jun 30, 2024 16:33:14.595062017 CEST	1.1.1.1	192.168.2.5	0x9da8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 30, 2024 16:33:14.595062017 CEST	1.1.1.1	192.168.2.5	0x9da8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jun 30, 2024 16:33:28.067055941 CEST	1.1.1.1	192.168.2.5	0x6f5a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 30, 2024 16:33:28.067055941 CEST	1.1.1.1	192.168.2.5	0x6f5a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jun 30, 2024 16:33:30.560435057 CEST	1.1.1.1	192.168.2.5	0xa21f	Name error (3)	56.126.166.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49706	149.154.167.99	443	3396	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-30 14:32:59 UTC	84	OUT	GET /g067n HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-06-30 14:32:59 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sun, 30 Jun 2024 14:32:59 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12312 Connection: close Set-Cookie: stel_ssid=553eae89e14da55b6a_12417333205229821988; expires=Mon, 01 Jul 2024 14:32:59 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-06-30 14:32:59 UTC	12312	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 30 36 37 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @g067n</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent.

Target ID:	0
Start time:	10:32:54
Start date:	30/06/2024
Path:	C:\Users\user\Desktop\vjYcExA6ou.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\vjYcExA6ou.exe"
Imagebase:	0x930000
File size:	4'585'688 bytes
MD5 hash:	C5F20B0CB835ADFF91C281BA3E9995E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2016370667.000000000441D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2016370667.00000000043E9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2014897676.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2016370667.000000000434E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2016370667.0000000004382000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.2007705675.0000000000932000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:32:55
Start date:	30/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x4f0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:32:55
Start date:	30/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x370000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:32:55
Start date:	30/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x1a0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	10:32:55
Start date:	30/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x750000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	18.7%
Dynamic/Decrypted Code Coverage:	83.7%
Signature Coverage:	0%
Total number of Nodes:	43
Total number of Limit Nodes:	0

Executed Functions

Function 05799A70 Relevance: 10.3, Strings: 8, Instructions: 345
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

T, xrefs: 05799CD0
;, xrefs: 05799C42
6, xrefs: 05799C50
,, xrefs: 05799BF8
\, xrefs: 05799C16
J, xrefs: 05799BBC
b, xrefs: 05799BB5
;, xrefs: 05799B9A

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: c43cdef03e346a1fc8364aed7fd3055425144cd09a826cd96f7b1e6d03c86439
Instruction ID: 404ab983cc1b6c2fd385fd2416cab5a83f4bfd8f1121ca29764309b948e240a7
Opcode Fuzzy Hash: c43cdef03e346a1fc8364aed7fd3055425144cd09a826cd96f7b1e6d03c86439
Instruction Fuzzy Hash: 6F02AEB4E012698FEB68DF69D944BDDBBB2BB88300F1081EAD50CA7354DB355E858F50

Function 05799A80 Relevance: 10.3, Strings: 8, Instructions: 340
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

T, xrefs: 05799CD0
;, xrefs: 05799C42
6, xrefs: 05799C50
,, xrefs: 05799BF8
\, xrefs: 05799C16
J, xrefs: 05799BBC
b, xrefs: 05799BB5
;, xrefs: 05799B9A

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: b43b7015279839747ed189dfceda72cc4b3d95ae1976d8638af654a8c07200d0
Instruction ID: 8c6d770084e807d70d207b2745a6d2beddb08ec2b4e7d78236c40d9f98cacecf
Opcode Fuzzy Hash: b43b7015279839747ed189dfceda72cc4b3d95ae1976d8638af654a8c07200d0
Instruction Fuzzy Hash: 6A02AEB4E012698FEB68DF69D844BDDBBB2BB88300F1081EAD50CA7354DB355E858F50

Function 05797528 Relevance: 10.3, Strings: 8, Instructions: 299
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

;, xrefs: 05797680
;, xrefs: 05797728
J, xrefs: 057976A2
T, xrefs: 057977B3
,, xrefs: 057976E1
\, xrefs: 057976FC
b, xrefs: 0579769B
6, xrefs: 05797736

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: 81a56d88e0bcec3eb2b50c2829f72e73e0293fd5102689a537ca3f795479043c
Instruction ID: f0ada5daa3a5ba1eb82ee9a8e85d50a19dd884c2c8ad0daf43f6f7c00cbbdf58
Opcode Fuzzy Hash: 81a56d88e0bcec3eb2b50c2829f72e73e0293fd5102689a537ca3f795479043c
Instruction Fuzzy Hash: 5FF18FB0E01219CFEB68DF69D944B9DBBB2FB89304F1081EAD408A7254DB355E85CF61

Function 05797538 Relevance: 10.3, Strings: 8, Instructions: 292
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

;, xrefs: 05797680
;, xrefs: 05797728
J, xrefs: 057976A2
T, xrefs: 057977B3
,, xrefs: 057976E1
\, xrefs: 057976FC
b, xrefs: 0579769B
6, xrefs: 05797736

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: c34f927bd0f705fb3bec8d97a38846f5d1dcfae1cad967d411288b3c836a43a1
Instruction ID: ca41ab0bec876839b9882ca19ddbc291f647d61300b15e8a08e1500966052828
Opcode Fuzzy Hash: c34f927bd0f705fb3bec8d97a38846f5d1dcfae1cad967d411288b3c836a43a1
Instruction Fuzzy Hash: D3F17EB0E01219CFEB64DF69D944B9DBBB2FB89304F1081E9D408A7254DB355E85CF61

Function 05798198 Relevance: 10.3, Strings: 8, Instructions: 277
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,, xrefs: 0579835F
T, xrefs: 0579843A
;, xrefs: 057983AC
b, xrefs: 0579831C
;, xrefs: 05798301
\, xrefs: 05798380
J, xrefs: 05798323
6, xrefs: 057983BA

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: 11181aad4abe62463eb43c98a6b53a2c0dcf2392e0e98cea4eea4d760daa6194
Instruction ID: 25ebfa3547f37404626bc2de2de2dd48258b4583226e7d8f9656b220a5dc92bd
Opcode Fuzzy Hash: 11181aad4abe62463eb43c98a6b53a2c0dcf2392e0e98cea4eea4d760daa6194
Instruction Fuzzy Hash: AED191B0E01629CFEB64CFAAC9447DDBBB2BF88300F10C1AAD518A7254DB754A85DF50

Function 057981A8 Relevance: 10.3, Strings: 8, Instructions: 270
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,, xrefs: 0579835F
T, xrefs: 0579843A
;, xrefs: 057983AC
b, xrefs: 0579831C
;, xrefs: 05798301
\, xrefs: 05798380
J, xrefs: 05798323
6, xrefs: 057983BA

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: b0137c0b919785bb806030fca05a856ed0dac3dcc09d983ad05036f9aba9e3d3
Instruction ID: db2cc30e8de8697995f49d41621a32b441d3a8b744c9c3f04592cbb0cd44ef94
Opcode Fuzzy Hash: b0137c0b919785bb806030fca05a856ed0dac3dcc09d983ad05036f9aba9e3d3
Instruction Fuzzy Hash: DED181B0E01629CFEB64DFAAC9447DDBBB2BF88300F10C1AAD518B7254DB754A859F50

Function 05798730 Relevance: 10.2, Strings: 8, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

6, xrefs: 0579893A
\, xrefs: 05798900
;, xrefs: 0579892C
b, xrefs: 0579889C
,, xrefs: 057988E5
J, xrefs: 057988A3
;, xrefs: 0579887E
T, xrefs: 057989B7

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: 85c4e301eee3471fb8a8e045568a8d55d8fe4f71733be177eeb0829d93cfaba4
Instruction ID: d2a4122747fc34387c1fb0222c18112b89d4c2d447c0911106d249d29a72b610
Opcode Fuzzy Hash: 85c4e301eee3471fb8a8e045568a8d55d8fe4f71733be177eeb0829d93cfaba4
Instruction Fuzzy Hash: B8A1A1B1E01619CFEB64CFAAC94479DBBF2BF88300F10C0AAD418AB254DB754A85DF51

Function 05798720 Relevance: 10.2, Strings: 8, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

6, xrefs: 0579893A
\, xrefs: 05798900
;, xrefs: 0579892C
b, xrefs: 0579889C
,, xrefs: 057988E5
J, xrefs: 057988A3
;, xrefs: 0579887E
T, xrefs: 057989B7

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: fd952ba69019a4324ed7e05ab084002646fc78ce4a1545c8eb8dccce138f76ef
Instruction ID: d2cbb6b0a71cbfd860964bf424db45d7545956137cc81009ea926c0a6bbb9965
Opcode Fuzzy Hash: fd952ba69019a4324ed7e05ab084002646fc78ce4a1545c8eb8dccce138f76ef
Instruction Fuzzy Hash: 44A1A0B1E05619CFEB64CFAAC94479DBBB2BF88300F14C0AAD418AB255DB754A85CF11

Function 013DE7C0 Relevance: 7.0, Strings: 5, Instructions: 720COMMON

Download Yara Rule

Strings

Haq, xrefs: 013DF0C0
(o]q, xrefs: 013DF053
,aq, xrefs: 013DEDE7
(o]q, xrefs: 013DF049
,aq, xrefs: 013DEDD7

Memory Dump Source

Source File: 00000000.00000002.2013965766.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d0000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: (o]q$(o]q$,aq$,aq$Haq
API String ID: 0-2157538030
Opcode ID: 06473c5ba162d881488ab3b7bbfba3913918108b91327aa9ec260c0da74109a1
Instruction ID: 407fe493d870a5e0e30e63eb8afec231573cdb32fcfb7bf07ef47f146c872702
Opcode Fuzzy Hash: 06473c5ba162d881488ab3b7bbfba3913918108b91327aa9ec260c0da74109a1
Instruction Fuzzy Hash: 9B529F32B001159FDB19DF6CD484AAEBFB6BF88714B158069E906DB365DB30EC42CB90

Function 05D11B10 Relevance: 6.7, Strings: 5, Instructions: 409
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i, xrefs: 05D11B5B
Xz]q, xrefs: 05D14A42
Te]q, xrefs: 05D14C67
Te]q, xrefs: 05D11B37
Xz]q, xrefs: 05D14AF2

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: Te]q$Te]q$Xz]q$Xz]q$i
API String ID: 0-2057163587
Opcode ID: 6c0ae9b67e394d1ac9a1bcfcbbd38b51f974a8ec4aa2bd5de7f4843fa5f1c51d
Instruction ID: 11170f3c25a1d5ce5564a71e1e58cdcd1c2ddcbde4f967c890d3b0821f87e998
Opcode Fuzzy Hash: 6c0ae9b67e394d1ac9a1bcfcbbd38b51f974a8ec4aa2bd5de7f4843fa5f1c51d
Instruction Fuzzy Hash: 26229074D062298FDB64DF29D984AD9BBB2FB49300F1081EAD80DA7254DB35AED1CF50

Function 013DA108 Relevance: 6.0, Strings: 4, Instructions: 1043
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xb`q, xrefs: 013DA243
TJbq, xrefs: 013DA2B8
paq, xrefs: 013DADED
Te]q, xrefs: 013DA959

Memory Dump Source

Source File: 00000000.00000002.2013965766.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d0000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: TJbq$Te]q$paq$xb`q
API String ID: 0-4160082283
Opcode ID: 63420cbd62baded72933d365ebe95e0409257bc7233302c469355cd95eb9e61c
Instruction ID: 1d7b3bd58e878de857e44286c3f7d04d13ef8ffc23273505fe9155f4ae547685
Opcode Fuzzy Hash: 63420cbd62baded72933d365ebe95e0409257bc7233302c469355cd95eb9e61c
Instruction Fuzzy Hash: 50B2E175E00228CFDB65CF69C984AD9BBB2FF89304F1581E9D549AB225DB319E81CF40

Function 05D13036 Relevance: 5.4, Strings: 4, Instructions: 369
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Xz]q, xrefs: 05D14A42
Te]q, xrefs: 05D14C67
Xz]q, xrefs: 05D14AF2
H, xrefs: 05D1308D

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: H$Te]q$Xz]q$Xz]q
API String ID: 0-2016753716
Opcode ID: 4dfc5ab4c58e6d770c2f91450a665711f895e6bd51a212302a0bb066b0a2a980
Instruction ID: 752fe69cc4bd1db0d98584d5aede910034a65cd4c3f78c99304a6c7fdaf23f7b
Opcode Fuzzy Hash: 4dfc5ab4c58e6d770c2f91450a665711f895e6bd51a212302a0bb066b0a2a980
Instruction Fuzzy Hash: 80128174E052298FDB64DF29D994AD9BBB2FB89300F1041EAD40DA7254DB35AED1CF40

Function 05D13201 Relevance: 4.1, Strings: 3, Instructions: 348
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Xz]q, xrefs: 05D14A42
Te]q, xrefs: 05D14C67
Xz]q, xrefs: 05D14AF2

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: Te]q$Xz]q$Xz]q
API String ID: 0-450967790
Opcode ID: d7e3741759c7d425086d8c6443c77eaff91cecb27288a85ee8bd9334b9fdaedf
Instruction ID: 49cc48669e1fc36812a22abe10ea54079f9fd6b5834ed7b7337f879f5ccfe1be
Opcode Fuzzy Hash: d7e3741759c7d425086d8c6443c77eaff91cecb27288a85ee8bd9334b9fdaedf
Instruction Fuzzy Hash: A9128174D06229CFDB64DF29D984AD9BBB2FB49300F1081EAD40DA7264DB35AE91CF50

Function 0579A3A0 Relevance: 1.8, Strings: 1, Instructions: 578
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(, xrefs: 0579AAF4

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: da9a5f9437bb3768098cb642c7205f5bd28d587161bce783ab3bb02ecfea44b3
Instruction ID: 7e0803a3b224bb39d52b88b1b9777d8fa9097386175057525af62fda24d46bd1
Opcode Fuzzy Hash: da9a5f9437bb3768098cb642c7205f5bd28d587161bce783ab3bb02ecfea44b3
Instruction Fuzzy Hash: 2852DE74D012298FDB68DF69C994BDDBBB2FF89304F1085EA8409AB291DB345E85CF50

Function 05792106 Relevance: 1.8, Strings: 1, Instructions: 561COMMON

Download Yara Rule

Strings

D, xrefs: 0579210B

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: ccb0ef04a606f3dcc201c683858bef808f887942e9a993fd12f55b3663401ca3
Instruction ID: a48128d269fe18a830d6d2fcef77ef5ecc0abb5fcdf97d282d56d37a1ee84cd4
Opcode Fuzzy Hash: ccb0ef04a606f3dcc201c683858bef808f887942e9a993fd12f55b3663401ca3
Instruction Fuzzy Hash: 0E52DB74A012199FCB64EF68D894A9DB7B2FF89300F1045E9D509A7365CB34AEC1CF91

Function 05794448 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da799e051ca227b32f21cf4584cd401f61a4233144f9647db8b54755f4d4de45
Instruction ID: bfc6b315ca561e00da2f743495171076ed9e7c45e055b71821c6d9553db89e46
Opcode Fuzzy Hash: da799e051ca227b32f21cf4584cd401f61a4233144f9647db8b54755f4d4de45
Instruction Fuzzy Hash: 12C1CFB4E012188FDB18DFA9D884BADBBF2FF89300F1081AAD509AB355DB345985CF51

Function 05794458 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f39a0ca992f8ed8276b638bb5c01c0379336bb63c740ba9907620c9a709e9890
Instruction ID: 44f7443dc573ecfce163b498c0abe3e5278f0751bf992312029208e042e6a6c3
Opcode Fuzzy Hash: f39a0ca992f8ed8276b638bb5c01c0379336bb63c740ba9907620c9a709e9890
Instruction Fuzzy Hash: 68B1AEB4E012188FDB18DFA9D884B9DBBF6FF89300F1081A9D509AB355DB345986CF51

Function 013DB558 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2013965766.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d0000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0304869a4d4c9280741c698b67491faeadaf69bca243d61b70554fcf42ad50c
Instruction ID: 4875feb5cbc120e96982d27003460fe62eb31022bad86cd12c745a508b3765a9
Opcode Fuzzy Hash: b0304869a4d4c9280741c698b67491faeadaf69bca243d61b70554fcf42ad50c
Instruction Fuzzy Hash: D2A1E074E04219CFDB24DFA9D844AADFBB6FF89304F10816AD909A7358DB305A86CF51

Function 05796070 Relevance: 6.6, Strings: 5, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,aq, xrefs: 05796187
(o]q, xrefs: 057961C1
Haq, xrefs: 0579642F
,aq, xrefs: 05796193
(o]q, xrefs: 057961B5

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: (o]q$(o]q$,aq$,aq$Haq
API String ID: 0-2157538030
Opcode ID: fab4b8c5955417ce56e5122df9eef3ed2bb818ac4d467552323451629bd7e124
Instruction ID: 2f901d22e731384408f41ac4d39635b20e0b1e96f221ca3148788181914a5c2b
Opcode Fuzzy Hash: fab4b8c5955417ce56e5122df9eef3ed2bb818ac4d467552323451629bd7e124
Instruction Fuzzy Hash: 0AC16F30B011199FCF18EF68E854AAE7BF2BF89740F148569E406A73A4DB34DC51DBA1

Function 05794EF8 Relevance: 3.0, Strings: 2, Instructions: 483
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d8bq, xrefs: 05794F50
Haq, xrefs: 0579516E

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: Haq$d8bq
API String ID: 0-750804866
Opcode ID: 6f1c744e654d9e09caf6cbdb0c8590567d357da331e6a880811ed9a2329577a6
Instruction ID: 861dee6387e2b95bc9fec3426a1f79c4d29fc520a25bffc8164cd88c0a67acec
Opcode Fuzzy Hash: 6f1c744e654d9e09caf6cbdb0c8590567d357da331e6a880811ed9a2329577a6
Instruction Fuzzy Hash: BA127D78310205CFCB0A9F68E568B6A7BA7EBCD300F148468E94547794CB7DBCD69B21

Function 013DF528 Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 013DF7EF

Memory Dump Source

Source File: 00000000.00000002.2013965766.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d0000_vjYcExA6ou.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 63e2c2122f85d046394a08d2ad5dc3899a8ec2ec2c1cd24d7ca4b7dd1f769a71
Instruction ID: f864acc4f8447eebe3e7baa9db78a43f11642e248b069efc6c1c6911a5cd6c36
Opcode Fuzzy Hash: 63e2c2122f85d046394a08d2ad5dc3899a8ec2ec2c1cd24d7ca4b7dd1f769a71
Instruction Fuzzy Hash: C5C14871D0026D8FDB20CFA8D881BEDBBB5BF09314F1491A9D909B7250DB749A86CF91

Function 05D1F9E8 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05D1FABB

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 34868e1d5cadb8714d7f0776901e79805ed6116d42bff5dd81804645aab63ca9
Instruction ID: 001b394b6ebb41bce81a4faeb015eabf1c9dbed0daeb23964ab04f8951f6e2ee
Opcode Fuzzy Hash: 34868e1d5cadb8714d7f0776901e79805ed6116d42bff5dd81804645aab63ca9
Instruction Fuzzy Hash: 224199B5D012599FCF00CFA9D984ADEFBF1BB49314F20902AE819B7200D738AA45CF64

Function 05D1D2C8 Relevance: 1.6, APIs: 1, Instructions: 112libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?), ref: 05D1D3D1

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 79b599ed2f82ae40be949563fb4b9f91251d2cdecbda0a7f6afbfb3cef52d248
Instruction ID: 7a6a3d84575ea7da837dcb13f5635edb27ce52bcd9604361584a9dfe8a80f808
Opcode Fuzzy Hash: 79b599ed2f82ae40be949563fb4b9f91251d2cdecbda0a7f6afbfb3cef52d248
Instruction Fuzzy Hash: D141F2B4D00258AFDB14DFA9E884B9EFBF2FB49304F10912AE815AB394D774A845CF45

Function 05D1F890 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05D1F93A

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 704a61af54fd3efcdf3b140796f3e0323319fc2e61e1b5caaf69b8a2fd79f0ee
Instruction ID: a9567e3d15fc9c00940350828ad1f3ba6bb5d2356109330f3e23159ed79ef34f
Opcode Fuzzy Hash: 704a61af54fd3efcdf3b140796f3e0323319fc2e61e1b5caaf69b8a2fd79f0ee
Instruction Fuzzy Hash: 643198B8D00259AFCF10CFA9D880ADEFBB1BB49310F10942AE815B7210D735A902CF69

Function 05D1F688 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05D1F737

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 9a1630b9596532a52e12fe19009226bc460d0933d2ad6c35d5cb3af5d0e0177c
Instruction ID: eafdab1a937b82a82fe67adbf3f1dbfeaa6df522238813c66703355c0be9cc47
Opcode Fuzzy Hash: 9a1630b9596532a52e12fe19009226bc460d0933d2ad6c35d5cb3af5d0e0177c
Instruction Fuzzy Hash: 3B31ADB5D012599FCB10DFA9D884AEEFBF1BF49314F24802AE419B7240D778A946CF64

Function 05D1CFF0 Relevance: 1.6, APIs: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05D1D097

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 4112803359896595cdfbf1c8764df220c32abcb0730d7ac08bd09a600e8a7405
Instruction ID: 9a45b39ef2542ed0336ffab99acaf768d40f8801c6ddfe5ec37d5daa8ae9496c
Opcode Fuzzy Hash: 4112803359896595cdfbf1c8764df220c32abcb0730d7ac08bd09a600e8a7405
Instruction Fuzzy Hash: AA3199B8D04258AFCF10CFA9E880ADEFBB1BB09310F10902AE815B7310D335A945CF65

Function 05D1F560 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 05D1F5DE

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: cd8789ddf64d11300299293359be88e5dd9fc9e42d4bad7458d940c2676bc6d5
Instruction ID: dd2bcddcb1efd9d29d7336f0991230df2f8ad5201f5da142c6aab1e7e945c886
Opcode Fuzzy Hash: cd8789ddf64d11300299293359be88e5dd9fc9e42d4bad7458d940c2676bc6d5
Instruction Fuzzy Hash: C831ACB4D012199FCB14CFA9E985ADEFBB5BB49314F10942AE819B7300D735A901CFA5

Function 0579804A Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

lo6p, xrefs: 057980AC

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: lo6p
API String ID: 0-3391552499
Opcode ID: d056490badc50e93907d28ff21364a3032fc97f7bb5bcdb8bfc64ff38eab9abf
Instruction ID: 8f0890c7cc7f788152cda1d3bce231f998c8cdbede02169423c2e3bd5b0871e6
Opcode Fuzzy Hash: d056490badc50e93907d28ff21364a3032fc97f7bb5bcdb8bfc64ff38eab9abf
Instruction Fuzzy Hash: 3E419F78E012199FCB44DFA9D9849DDBBF2FF89300F15816AE519AB364DB31A901CF60

Function 05D1E390 Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05D1E431

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c3c30c834c9d874ce0cd9062f117dae3bf8f9ec17c0deac77897dd3f9226812b
Instruction ID: b1cca25db2c96bd91f45b880865dbb0668c2b1ce53acf4c86d558858ea83223f
Opcode Fuzzy Hash: c3c30c834c9d874ce0cd9062f117dae3bf8f9ec17c0deac77897dd3f9226812b
Instruction Fuzzy Hash: E83177B8D002589FCF10CFA9E984A9EFBB4FB49310F10902AE819B7310D375A945CF65

Function 05798058 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

lo6p, xrefs: 057980AC

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: lo6p
API String ID: 0-3391552499
Opcode ID: c6b1bdb5b780e75833895d8dd76da7fe73ee46f630b1831640abb628e119f0cb
Instruction ID: 8f82b7d7abb67e8eca21bc24d9cf7f9e4acb65578b2510139bd1f2cfccc4abaa
Opcode Fuzzy Hash: c6b1bdb5b780e75833895d8dd76da7fe73ee46f630b1831640abb628e119f0cb
Instruction Fuzzy Hash: FF417274E012199FCB44DFA9D5849DDBBF2FF89310F148169E915A7364DB31A901CF50

Function 05794EE9 Relevance: 1.3, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

d8bq, xrefs: 05794F50

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: d8bq
API String ID: 0-3484500975
Opcode ID: e131e5a26d02a8d08978842631703d1523bb49492b05c08c5c37c7c310ad3163
Instruction ID: 8e8d2e5b6226931a3a91796293b706228c295ef3e0c037c3680de9c5620017d0
Opcode Fuzzy Hash: e131e5a26d02a8d08978842631703d1523bb49492b05c08c5c37c7c310ad3163
Instruction Fuzzy Hash: 68113AB02007424FCF25D73CE410B2ABBD3BFC1600F188D1DE4968B621DB64D8458760

Function 05797B02 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 733e1cfdbc07828a56d460e074b34b96e579416aa04d9934f27f9e6c10805aed
Instruction ID: c900c1e40b3526910e2f25e024cd9c72fee81942e5b9f769de66a4df509cb9b1
Opcode Fuzzy Hash: 733e1cfdbc07828a56d460e074b34b96e579416aa04d9934f27f9e6c10805aed
Instruction Fuzzy Hash: 0BD1B7B4E0120ACFDB04DFA8D485A9EBBB1FF49314F118599D905AB361C779AC85CFA0

Function 05797B10 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cda8f6ec460afe4c88a90e79a77f20dcdb9c22cea6e5509ba3a5e31ef2b5ca33
Instruction ID: 643abfb621510bc3d996d84f1d0c9923895f9b99478d58242fc5ab89836c6814
Opcode Fuzzy Hash: cda8f6ec460afe4c88a90e79a77f20dcdb9c22cea6e5509ba3a5e31ef2b5ca33
Instruction Fuzzy Hash: 40D1A6B4E0120ACFDB04DFA8D485AAEBBB1FF49314F118559D904AB365C779AC85CFA0

Function 05793245 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7389c0685cc8e42b03686c4555f1a8acd2b1be752c0d69f2999f404df573ab22
Instruction ID: ae23c697093e7de3c5d893de76cfccc9039b08a67c0cacdf1a971b9abdf0eb25
Opcode Fuzzy Hash: 7389c0685cc8e42b03686c4555f1a8acd2b1be752c0d69f2999f404df573ab22
Instruction Fuzzy Hash: E8C1BBB5A01269DFDB65EF68DC50AEDBBB2FB8A304F4081E9D50DA7250DB305E808F41

Function 05796A2F Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3a8365fa09616bc0558c54c75fcfefef19ddb1440b40a320d9f4305a81c513a
Instruction ID: 4fb22e5b7c8e4a7dd19782a8e3b225abc916ea5fe2dd50cd388deca0aefe2513
Opcode Fuzzy Hash: a3a8365fa09616bc0558c54c75fcfefef19ddb1440b40a320d9f4305a81c513a
Instruction Fuzzy Hash: 20B1DFB5A012299FDB65EF68D850BEDB7B2FB8A304F5081E9850DA7350DB346EC18F41

Function 05797EF8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f64109f48e3313a33589a46cd8684155e46f04fc19317d2f9cf349337559479d
Instruction ID: 3e06c0ff69affdb31ba756af625eb9187fe2e3a974145c56c356c0d8a47c6ae6
Opcode Fuzzy Hash: f64109f48e3313a33589a46cd8684155e46f04fc19317d2f9cf349337559479d
Instruction Fuzzy Hash: 74310BB4E11209DFCB08DFA8D5449ADBBB2FF89300F2085AAD818A7355D7359D52CF61

Function 0137D4E0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2013773496.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_137d000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ca1637a55df62debe7a4360b295cc2414c9993289d902a9de1ff9f1163a9bf0
Instruction ID: 558d2021a408df1406c91fd4467f02a2f036ad7f79b35eb4ba8215c5e24e6c48
Opcode Fuzzy Hash: 2ca1637a55df62debe7a4360b295cc2414c9993289d902a9de1ff9f1163a9bf0
Instruction Fuzzy Hash: 022103B1504204DFDB25DF98D9C0B26BF65FF8832CF248569E90A0B656C33AD456CAA1

Function 0138D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2013814954.000000000138D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0138D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_138d000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d013d6a71bd65ef789c65b4418df6836d6db8b42e97b38d85353ac5f2ac8d1fa
Instruction ID: 8092cff36254cb56f5b3b4741c4cd6c553c1371279c69bc416d4ddde062ae253
Opcode Fuzzy Hash: d013d6a71bd65ef789c65b4418df6836d6db8b42e97b38d85353ac5f2ac8d1fa
Instruction Fuzzy Hash: EE2145B1504344DFCB11EF48D9C4B26BF69FB84318F24C569E9090B682C336C40BC6A2

Function 05794E50 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46a7c88a3102bbb215ad64044401fe0d19caf8247a5bf69a136c2c71b308814
Instruction ID: 6407c7e845dc82e46ac98f06d89d6a0f18032f741cdcc88290f1cd75b2e9e9d3
Opcode Fuzzy Hash: a46a7c88a3102bbb215ad64044401fe0d19caf8247a5bf69a136c2c71b308814
Instruction Fuzzy Hash: A5113D72E012199FCF04DF99E844AEEFBF6FB89210F50802AE915E3240D7759A55CBA0

Function 05794E41 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1613d6daa1e280c631c974bb11bad5013b8182a9b7a4ab69d5d17ccf21135d32
Instruction ID: 3f0881d9303300d3ade98a3dd4ed919d2f843a5defb036d434431c3322b0b68b
Opcode Fuzzy Hash: 1613d6daa1e280c631c974bb11bad5013b8182a9b7a4ab69d5d17ccf21135d32
Instruction Fuzzy Hash: AA116DB2E012199FCF05DFA9D8449FEBBF6FF89210F04842AE415E7245D7348A12CBA0

Function 0137D4DB Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2013773496.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_137d000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
Instruction ID: 36cd20f02a4ca9f2c88a39af90d53f4ccf6b23cd7dcf84953a8f94ec11b89538
Opcode Fuzzy Hash: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
Instruction Fuzzy Hash: 8411AF76504240CFDB16CF54D5C4B16BF71FB88328F24C6A9D9090B656C33AD45ACBA1

Function 0138D017 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2013814954.000000000138D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0138D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_138d000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4debc72d566a432075444213d0986bb668aee8537d1fa8b58e63e6cf4e4d047
Instruction ID: 220fe294731eb4e4d6614d5b02492819b56846ea32bc4fddd8f136cd07a64729
Opcode Fuzzy Hash: d4debc72d566a432075444213d0986bb668aee8537d1fa8b58e63e6cf4e4d047
Instruction Fuzzy Hash: 8E11BEB6504280CFDB12DF54D9C4B16BF72FB84318F24C6A9D9494B696C33AD41BCBA2

Function 05797F08 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e7a355a19919276ac6e258cd597a8d2a4b06a163232a70db19b46823379ccd
Instruction ID: 0dd556e97152d903cd57edc7f0080dd016253f9ac2c62e668c8ba7ff60326aae
Opcode Fuzzy Hash: 43e7a355a19919276ac6e258cd597a8d2a4b06a163232a70db19b46823379ccd
Instruction Fuzzy Hash: 6F01A5B8E11209DFCB48EFA9D5445AEBBF1FB49310F1085AAD819A7354EB305A41CF61

Function 05795FF9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f10744c8a276bfb5541f7883aa6847aefb88393eeaee8f735c8e7ef209ad90e
Instruction ID: 25741a9708ab50a87949da7a9bc9d73797852e8038d64d810e6e824adf2b23cc
Opcode Fuzzy Hash: 0f10744c8a276bfb5541f7883aa6847aefb88393eeaee8f735c8e7ef209ad90e
Instruction Fuzzy Hash: D8F04971D04209EFCF55EFA8E8409ECBFF5EF06310F40829AE804A6260E7305A54EB91

Function 05794927 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9362cd646bd822f6a83d569b72feceb6ec51df5e3597b6ecb605ccef833112e3
Instruction ID: b5496a6ecf38c0cfc9e3b93d07ab8ff833b02155d3b908d32c785c88fc45d487
Opcode Fuzzy Hash: 9362cd646bd822f6a83d569b72feceb6ec51df5e3597b6ecb605ccef833112e3
Instruction Fuzzy Hash: D7F06775908208AFCF41CFA8E5016DCBBB2FB49310F20C19ADC1897311D2358A16EF00

Function 05794DB8 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b4040cfc001881c772737373ead4216b5667aea209d9eed72cda956a277418c
Instruction ID: 63bdd9ce8c5e78ed73421e52dc3bf60213b49b84411a3ed9cc35bbde649bb8e9
Opcode Fuzzy Hash: 9b4040cfc001881c772737373ead4216b5667aea209d9eed72cda956a277418c
Instruction Fuzzy Hash: 5FE06539305265BB8F0E1F15A8148BE3F6BEBC92217048056FD59C2204CE35C961A7B0

Function 0579AD56 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6663ff601a43783c168b5354f36098e8845d5718db4d33bc41e96d68d3a9de25
Instruction ID: c12852f1c24244c8896cb435ad5f4ec315b815852776b718e6da87a7657fe2ac
Opcode Fuzzy Hash: 6663ff601a43783c168b5354f36098e8845d5718db4d33bc41e96d68d3a9de25
Instruction Fuzzy Hash: 98F0AF75A0522CDFCF24DFA5E8446ECBBB1FF8A312F0054AAC40AA2260DB345A95CF11

Function 05794DA8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd6f8d790ecd82e273b91a75a190a716a2248997eef487006653ba902155c96f
Instruction ID: 9c9c9803bae5d426885ce5febc1863a35d20dc24bf2f38f344b6bd079a68d0a7
Opcode Fuzzy Hash: fd6f8d790ecd82e273b91a75a190a716a2248997eef487006653ba902155c96f
Instruction Fuzzy Hash: ADE02B3A30A3905FCF1F4754B8105BE3F72EECB211309409BF945C7141CA2489129370

Function 05795C1F Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077023c54ef77446196a7ffadd896992be2279b683296e42bfc2775fe4e77e7b
Instruction ID: d0f2ab95b7efa654751072d8a683718b08a0458e874f60813d921ab92e832d2a
Opcode Fuzzy Hash: 077023c54ef77446196a7ffadd896992be2279b683296e42bfc2775fe4e77e7b
Instruction Fuzzy Hash: 6AF08570E092089FCB45CFB8D6806ACBBB1EB4A310F10C0EA8858D7301D2308A06DB40

Function 05794938 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b66f34718972bfa73264a5f4c6264e7ca8c967c7229ea66062d0eb9579af3a8
Instruction ID: 333f084252cc5abb5ab04ac6536d89c76414284f12a04e8b7b6f47f85710e9c2
Opcode Fuzzy Hash: 2b66f34718972bfa73264a5f4c6264e7ca8c967c7229ea66062d0eb9579af3a8
Instruction Fuzzy Hash: 81F0A574D04209EFCF54DFA8D544A9CBBB5FB48310F10C1AAAC1993350D7319A52EF91

Function 05795C30 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c49304e93a0ae0588974cb99611416ab6a097f55c22cf854304de9088e15c84
Instruction ID: 573b69222f42627f8c37440744c73ca2d8939d09ea1594ce872d18d8f1caa1ba
Opcode Fuzzy Hash: 3c49304e93a0ae0588974cb99611416ab6a097f55c22cf854304de9088e15c84
Instruction Fuzzy Hash: B8E0E574E09208EFCB98DFA8E545AACBBF5FB49310F10C1AA981993340D7319A02DF81

Function 0579A108 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be0d5c3d85a83c56e8c42b18171613c89faeea7be59f5d7a0544e0cd12b5938
Instruction ID: 88f4c7fcc1b467433c14cbdcf4cbbe633b369ea3e8de4afb5a3b8445b9d1f0e6
Opcode Fuzzy Hash: 8be0d5c3d85a83c56e8c42b18171613c89faeea7be59f5d7a0544e0cd12b5938
Instruction Fuzzy Hash: E1D0C93408B3D0DAD71AA76876282547FB46B0721AB0D9086D8C9464A2C6684094EB3A

Function 0579A118 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d99a9a244b1cd4397167ba9898986dd313ebe3d9ee6e1d5521ee735231457d1
Instruction ID: 0fa8f02160295f9ec7ad8268481c01f03c543e65c9b5e681c657ad9e97d8c2bf
Opcode Fuzzy Hash: 5d99a9a244b1cd4397167ba9898986dd313ebe3d9ee6e1d5521ee735231457d1
Instruction Fuzzy Hash: EEB09231087728C6CB1C7A9EB50C3A577A8A70A326F889411A94D018948AB490E0DA7A

Function 05794D90 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 837149fc324621266e143e9f3fd9406f2e57d5c8aabbdc5ae39169230939a342
Instruction ID: c8c34b7bb1a45745a15d467808f5d6d692bff3630cde426601ed13d99353851d
Opcode Fuzzy Hash: 837149fc324621266e143e9f3fd9406f2e57d5c8aabbdc5ae39169230939a342
Instruction Fuzzy Hash: 6DB024F134530077DD0057404F05F457511575CF01F004011F34C040C4C1F14070D735

Non-executed Functions

Function 05798A88 Relevance: 10.3, Strings: 8, Instructions: 324COMMON

Download Yara Rule

Strings

J, xrefs: 05798BA4
;, xrefs: 05798C2D
b, xrefs: 05798B9D
,, xrefs: 05798BE6
T, xrefs: 05798CB5
\, xrefs: 05798C01
;, xrefs: 05798B82
6, xrefs: 05798C3B

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: db26c89c23eeab95e6e21d616f77a969019126b79bd543d05e9f6a0f426b5e6b
Instruction ID: 136945185da077d3a88c27c8fbdae9d5c79d8b2fd25a25c59762a50a8a496f70
Opcode Fuzzy Hash: db26c89c23eeab95e6e21d616f77a969019126b79bd543d05e9f6a0f426b5e6b
Instruction Fuzzy Hash: EC02AFB4E01229CFEB68DF69D944BD9BBB2FB89300F1081EAD408A7250DB355E85CF50

Function 05798A98 Relevance: 10.3, Strings: 8, Instructions: 319COMMON

Download Yara Rule

Strings

J, xrefs: 05798BA4
;, xrefs: 05798C2D
b, xrefs: 05798B9D
,, xrefs: 05798BE6
T, xrefs: 05798CB5
\, xrefs: 05798C01
;, xrefs: 05798B82
6, xrefs: 05798C3B

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: 13febdd4730c9a0abf582448074eda63f0c56578b71b7a5489ac1604f364cfaa
Instruction ID: 6dfd9e68ba181e80bb7764366d236a85cb0810a8bd8e7b4a0662d6393d3555d6
Opcode Fuzzy Hash: 13febdd4730c9a0abf582448074eda63f0c56578b71b7a5489ac1604f364cfaa
Instruction Fuzzy Hash: C8F18FB4E01229CFEB68DF69D954BD9BBB2FB88304F1081EAD408A7250DB755E85CF50

Function 057994C9 Relevance: 10.3, Strings: 8, Instructions: 304COMMON

Download Yara Rule

Strings

J, xrefs: 05799639
,, xrefs: 05799675
\, xrefs: 05799690
b, xrefs: 05799632
T, xrefs: 05799747
;, xrefs: 05799617
;, xrefs: 057996BF
6, xrefs: 057996CD

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: e28f55dd9a0cdc2ff7dc12e4dae05cf4de4479166f1fe1a317f71343a8ce3ae6
Instruction ID: 6682806fe9c01bbdd8a28d27c9d9475d0474dffb2cdf6689ea9bcc7447408639
Opcode Fuzzy Hash: e28f55dd9a0cdc2ff7dc12e4dae05cf4de4479166f1fe1a317f71343a8ce3ae6
Instruction Fuzzy Hash: FEF192B0E016298FEB68DF6AC9447DDBBF2BF88300F10C1AAD50CA7254DB755A859F50

Function 057994D8 Relevance: 10.3, Strings: 8, Instructions: 299COMMON

Download Yara Rule

Strings

J, xrefs: 05799639
,, xrefs: 05799675
\, xrefs: 05799690
b, xrefs: 05799632
T, xrefs: 05799747
;, xrefs: 05799617
;, xrefs: 057996BF
6, xrefs: 057996CD

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: ,$6$;$;$J$T$\$b
API String ID: 0-1196615177
Opcode ID: cae867a3236be433edbfa05c59c8c27c712ad47bf2ddc41c2757fd0b15fac7f6
Instruction ID: b44e73a1d948d87252767b1be79747fcf64357c6a49e0a34fea9e4617611f0e0
Opcode Fuzzy Hash: cae867a3236be433edbfa05c59c8c27c712ad47bf2ddc41c2757fd0b15fac7f6
Instruction Fuzzy Hash: E7E192B0E012298FEB68DF6AC9447DDBBF2BF88300F10C1AAD50CA7254DB755A859F50

Function 05792C38 Relevance: 9.3, Strings: 7, Instructions: 532COMMON

Download Yara Rule

Strings

4']q, xrefs: 05792CAE
4|bq, xrefs: 05792E28
4']q, xrefs: 05792CDE
Q, xrefs: 05793AB2
4']q, xrefs: 05792C53
4|bq, xrefs: 05792E43
$]q, xrefs: 05792D00

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: 4']q$4']q$4']q$4|bq$4|bq$Q$$]q
API String ID: 0-277515193
Opcode ID: cecaba1af8f94b59330027c976cc97bd2baff8d27868bf452245d951616dec9d
Instruction ID: be19df4ef04b3427930357c7e3ce117842a9e9ad1240076de7c35c4f7b73ebcb
Opcode Fuzzy Hash: cecaba1af8f94b59330027c976cc97bd2baff8d27868bf452245d951616dec9d
Instruction Fuzzy Hash: 1C02C3357046159FCF1DEF28E494A6A7BB3BF89700B1588A9D406DB366CB30DC81DBA1

Function 013D3198 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

4']q, xrefs: 013D3296

Memory Dump Source

Source File: 00000000.00000002.2013965766.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d0000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: d6f316c5b769ce964fb138b66851d9e7fe5f76e6d9878c56c74decab108d8598
Instruction ID: bea9d3aaebb34f30472c2b1396054744a3bc13cb4c7c6a15854e23cab36746f7
Opcode Fuzzy Hash: d6f316c5b769ce964fb138b66851d9e7fe5f76e6d9878c56c74decab108d8598
Instruction Fuzzy Hash: 1B7130B1A0120A8FD719DFBEE84469EBBF3FB84304F14C529D415AB268DB785A46CB41

Function 013D31A8 Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

4']q, xrefs: 013D3296

Memory Dump Source

Source File: 00000000.00000002.2013965766.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d0000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 78fe1b687312a1ca989a33fb6f76b3bb69053a5b0122d1f7f3795c4c8d8697ab
Instruction ID: 4bd882ceb2222faf14e87c8c3928f22c2bc5d8732635a56cdfbbd9ad5600a082
Opcode Fuzzy Hash: 78fe1b687312a1ca989a33fb6f76b3bb69053a5b0122d1f7f3795c4c8d8697ab
Instruction Fuzzy Hash: 55611FB1E0120A8FDB19DFBEE84469EBBF3FB84304F14C529D415AB268DB785A45CB41

Function 013D3558 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

S, xrefs: 013D6BD8

Memory Dump Source

Source File: 00000000.00000002.2013965766.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d0000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID: S
API String ID: 0-543223747
Opcode ID: 4852d883f62f126b448b68d31dfa9ed03f62f8f7d3bfc6fdddb0c5414090525b
Instruction ID: 6334a2845f270a37682e69dd04160d30ce1b40255f02e166b9bfffdae904f76d
Opcode Fuzzy Hash: 4852d883f62f126b448b68d31dfa9ed03f62f8f7d3bfc6fdddb0c5414090525b
Instruction Fuzzy Hash: 224123B2D01A588BEB1CCF6B9D5069EFAF7BFC8305F14C1BA950CA6254EB3109468F11

Function 0579A13A Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99c90110135355e987d3c850e8dc00000f4043fd0ce42703092da48ea850e579
Instruction ID: 1702e3b7b2f5085670eb2ca267926a63a28a1685e370451d5a6ca2c0fde4ee7d
Opcode Fuzzy Hash: 99c90110135355e987d3c850e8dc00000f4043fd0ce42703092da48ea850e579
Instruction Fuzzy Hash: 3C515E7490260A9FDB4CEFBAE8406EE7BF2FB8D304F14C525D0049B254DB385855CB61

Function 0579A148 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f96cdf38725d36efacdf81dc66d7baf3a99266f383e43a6cd58be59db6e6d588
Instruction ID: cd55d16c12274ecba3479678921af9ce162edc12496cb499d8b119daacdd7c0f
Opcode Fuzzy Hash: f96cdf38725d36efacdf81dc66d7baf3a99266f383e43a6cd58be59db6e6d588
Instruction Fuzzy Hash: 4D515E7490260ADFDB4DEFAAE8406EE7BF2FB8D304F14C529D0049B258DB385855CBA1

Function 05D1D4D0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017722548.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15060b450ae2ec61adbdad8f4e2fc6d564b12a0d9c7bcd3e6b94266a6a137c71
Instruction ID: 182ccb0facef7126620f73138bf9b608b0af99bb75ac800c4b5a8e8005b027fc
Opcode Fuzzy Hash: 15060b450ae2ec61adbdad8f4e2fc6d564b12a0d9c7bcd3e6b94266a6a137c71
Instruction Fuzzy Hash: 2041D2B0D1434CAFDB14DFA9D884A9DFBF2BB0A304F20912AE819BB250D7749845CF45

Function 013D3548 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2013965766.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d0000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b532645d888a5a18912ede8da186041b9758f7279a798a341d864ef8bf894d
Instruction ID: d93e52466b4a07a954d96640610d71c6321560661cb68dd4e5aab5a14948b4bf
Opcode Fuzzy Hash: 81b532645d888a5a18912ede8da186041b9758f7279a798a341d864ef8bf894d
Instruction Fuzzy Hash: 574157B1D01A588BEB1CCF6B9D4069AFAF7BFC8301F14C1BA940CA7255EB3049428F11

Function 0579A390 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2017022834.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5790000_vjYcExA6ou.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 660f5babff5085d592cff47c3c4ef9024660dad2b3686666f35b1cc86c6ad879
Instruction ID: 160c361b73a54338bf7172edc9112bd56002b1054d84d94279cd911a32130703
Opcode Fuzzy Hash: 660f5babff5085d592cff47c3c4ef9024660dad2b3686666f35b1cc86c6ad879
Instruction Fuzzy Hash: DE31A7B1D016288BEB28CF67D9143DAFAF2BFC5304F14C1AAC44C6A254DB750A89DF51

Analysis Process: MSBuild.exePID: 3396, Parent PID: 5504COMMON

Execution Graph

Execution Coverage:	4.2%
Dynamic/Decrypted Code Coverage:	0.7%
Signature Coverage:	13%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 0041B050 Relevance: 231.5, APIs: 121, Strings: 11, Instructions: 507
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(?,0041922C), ref: 0041B06C
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B083
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B09A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0B1
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0C8
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0DF
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0F6
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B10D
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B124
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B13B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B152
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B169
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B180
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B197
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1AE
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1C5
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1DC
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1F3
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B20A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B221
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B238
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B24F
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B266
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B27D
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B294
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2AB
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2C2
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2D9
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2F0
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B307
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B31E
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B335
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B34C
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B363
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B37A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B391
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3A8
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3BF
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3D6
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3ED
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B404
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B41B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B432
GetProcAddress.KERNEL32(CreateProcessA), ref: 0041B448
GetProcAddress.KERNEL32(GetThreadContext), ref: 0041B45E
GetProcAddress.KERNEL32(ReadProcessMemory), ref: 0041B474
GetProcAddress.KERNEL32(VirtualAllocEx), ref: 0041B48A
GetProcAddress.KERNEL32(ResumeThread), ref: 0041B4A0
GetProcAddress.KERNEL32(WriteProcessMemory), ref: 0041B4B6
GetProcAddress.KERNEL32(SetThreadContext), ref: 0041B4CC
LoadLibraryA.KERNELBASE(?,0041922C), ref: 0041B4DD
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B4EE
LoadLibraryA.KERNELBASE(?,0041922C), ref: 0041B4FF
LoadLibraryA.KERNELBASE(?,0041922C), ref: 0041B510
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B521
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B532
LoadLibraryA.KERNELBASE(?,0041922C), ref: 0041B543
LoadLibraryA.KERNELBASE(?,0041922C), ref: 0041B554
LoadLibraryA.KERNELBASE(dbghelp.dll,?,0041922C), ref: 0041B564
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B584
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B59B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5B2
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5C9
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5E0
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B604
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B61B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B632
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B649
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B660
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B677
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B68E
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6A5
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6C5
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6DC
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6F3
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B70A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B721
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B745
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B75C
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B773
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B78A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7A1
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7B8
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7DC
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7F3
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B80A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B821
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B838
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B84F
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B866
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B87D
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B894
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8B4
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8CB
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8E2
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8F9
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B910
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B930
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B947
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B967
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B97E
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9A2
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9B9
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9D0
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9E7
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9FE
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA15
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA2C
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA43
GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 0041BA59
GetProcAddress.KERNEL32(InternetSetOptionA), ref: 0041BA6F
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA8F
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAA6
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BABD
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAD4
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAF4
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB14
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB2B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB42
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB59
GetProcAddress.KERNEL32(SymMatchString), ref: 0041BB78

Strings

GetThreadContext, xrefs: 0041B453
CreateProcessA, xrefs: 0041B43D
HttpQueryInfoA, xrefs: 0041BA4E
InternetSetOptionA, xrefs: 0041BA64
VirtualAllocEx, xrefs: 0041B47F
SymMatchString, xrefs: 0041BB6D
dbghelp.dll, xrefs: 0041B55F
ResumeThread, xrefs: 0041B495
ReadProcessMemory, xrefs: 0041B469
SetThreadContext, xrefs: 0041B4C1
WriteProcessMemory, xrefs: 0041B4AB

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
API String ID: 2238633743-2740034357
Opcode ID: a4580aef7196ab40cac15de4e3c6625ffa806c5fa5d16c7cc0568451c0f19aac
Instruction ID: 64df46d759b3a8e539eb425d674754a75b55508f076e1d27ec912ac7423ac894
Opcode Fuzzy Hash: a4580aef7196ab40cac15de4e3c6625ffa806c5fa5d16c7cc0568451c0f19aac
Instruction Fuzzy Hash: 9552C57D481214EFEB025F61FE19AA43FB3F70B3417197129E91289671E77648A8EF80

Function 00409FC0 Relevance: 44.5, APIs: 20, Strings: 5, Instructions: 760
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

FindFirstFileA.KERNELBASE(00000000,?,00425200,00425200,00000000,?,?,?,00428F3C,00425200), ref: 0040A045
StrCmpCA.SHLWAPI(?,00425240), ref: 0040A0A0
StrCmpCA.SHLWAPI(?,0042523C), ref: 0040A0B6
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040AB2C
FindClose.KERNEL32(000000FF), ref: 0040AB3D

Strings

Opera GX, xrefs: 0040A144
Google Chrome, xrefs: 0040A834
\BraveWallet\Preferences, xrefs: 0040A40E
Brave, xrefs: 0040A2F9
Preferences, xrefs: 0040A318

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
API String ID: 3334442632-1189830961
Opcode ID: b6171a64cfc6ab4f13282320838a7735dbd279b900ab7de6f694e87253319736
Instruction ID: 263e58a2a74b46f478eabfba2e73a67f6604dac1ca14d90e5786d28d1d592fab
Opcode Fuzzy Hash: b6171a64cfc6ab4f13282320838a7735dbd279b900ab7de6f694e87253319736
Instruction Fuzzy Hash: 225241719002089BDF24FBB1DC56EED737DAF15304F40416AF61AA21A1EE399B88CF59

Function 004058C4 Relevance: 42.6, APIs: 20, Strings: 4, Instructions: 565
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040595F
StrCmpCA.SHLWAPI(?), ref: 00405975
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405AEF
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00405B4C
lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,mode,00000000,?,00000000,?,00428D7C,00000000), ref: 00405F2B
lstrlenA.KERNEL32(00000000), ref: 00405F3C
GetProcessHeap.KERNEL32(00000000,?), ref: 00405F4C
HeapAlloc.KERNEL32(00000000), ref: 00405F53
lstrlenA.KERNEL32(00000000), ref: 00405F68
memcpy.MSVCRT ref: 00405F7E
lstrlenA.KERNEL32(00000000), ref: 00405F8F
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405FA8
memcpy.MSVCRT ref: 00405FB5
lstrlenA.KERNEL32(00000000,?,?), ref: 00405FCF
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405FE2
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405FFE
InternetCloseHandle.WININET(00000000), ref: 00406061
InternetCloseHandle.WININET(00000000), ref: 0040606D
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00405B84

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

InternetCloseHandle.WININET(00000000), ref: 00406076

Strings

mode, xrefs: 00405EAB
", xrefs: 00405C53, 00405D92, 00405ED3
build_id, xrefs: 00405D6A
------, xrefs: 004059F7, 00405B8A, 00405CCA, 00405E0B

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileOptionProcessReadSend
String ID: "$------$build_id$mode
API String ID: 487080699-3829489455
Opcode ID: 99e7d839f9470243f8a500febddaa2585a4ce8104e375d9646ee5b01df51d87c
Instruction ID: c3a436f612394fb5ea9af5c3dff246c6ebafd40c3fbf54516d0a2530dbd512cc
Opcode Fuzzy Hash: 99e7d839f9470243f8a500febddaa2585a4ce8104e375d9646ee5b01df51d87c
Instruction Fuzzy Hash: 0632EB71920118AADB15FBA1DC96FDEB379BF14305F5001AAF216B21B1DF386B88CE54

Function 21FE4CF0 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 461fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,C0000000,00000003,00000000,-00000003,04000102,00000000), ref: 21FE4EE1

Strings

psow, xrefs: 21FE51F5
exclusive, xrefs: 21FE4E81
delayed %dms for lock/sharing conflict at line %d, xrefs: 21FE4FB5
winOpen, xrefs: 21FE5110

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: CreateFile
String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
API String ID: 823142352-3829269058
Opcode ID: d2091ef3157b8576917bbc6f5d8d1e3dad808bf25cbe8fd0c02d16745219c322
Instruction ID: 623af15c5c35119baf8cdb67953367cd57d8eaa16dcea16706643eabdedbfd9e
Opcode Fuzzy Hash: d2091ef3157b8576917bbc6f5d8d1e3dad808bf25cbe8fd0c02d16745219c322
Instruction Fuzzy Hash: DDF1AF71944301DFE7148F24C88CB1A7BE5AB99304F440A2DFE69C729ADB7BD944CB92

Function 004129BF Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 142comCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000,?,Work Dir: In memory,00000000,?,00428E48,00000000), ref: 004129E9
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4), ref: 00412A01
CoCreateInstance.OLE32(0042AE78,00000000,00000001,0042ADA8,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000,?), ref: 00412A1D
CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000), ref: 00412A65
VariantInit.OLEAUT32(?), ref: 00412AC6
VariantClear.OLEAUT32(?), ref: 00412AFC

Strings

Select * From AntiVirusProduct, xrefs: 00412A6B
WQL, xrefs: 00412A81
displayName, xrefs: 00412AD6
root\SecurityCenter2, xrefs: 00412A27
Unknown, xrefs: 00412B0E, 00412B22, 00412B44

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InitializeVariant$BlanketClearCreateInitInstanceProxySecurity
String ID: Select * From AntiVirusProduct$Unknown$WQL$displayName$root\SecurityCenter2
API String ID: 3243281124-2561087649
Opcode ID: 01e7d32d45ff0252796b17b99a1afcd933ba27ea36f00a65b271f1c55a8e973d
Instruction ID: cc2f9b12050fb50489b4dacd928ba9f1606622a753a49b6d6fc2a760caa5f7a5
Opcode Fuzzy Hash: 01e7d32d45ff0252796b17b99a1afcd933ba27ea36f00a65b271f1c55a8e973d
Instruction Fuzzy Hash: 01512971A44208AFEB10CF94DD46FEDBBB8EB08711F604116F611FA1E0C7B8A951CB69

Function 004138BA Relevance: 7.6, APIs: 5, Instructions: 51processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004138F5
Process32First.KERNEL32(00429888,00000128), ref: 00413908
Process32Next.KERNEL32(00429888,00000128), ref: 0041391C
StrCmpCA.SHLWAPI(?,0042988C), ref: 00413930
FindCloseChangeNotification.KERNELBASE(00429888), ref: 00413943

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
String ID:
API String ID: 3243318325-0
Opcode ID: 2a4b200a08ed556fe0b76f61f99fc73be8100933646605b45de0898bc31b2ca7
Instruction ID: c76ae2ebba4cdfdbec52cc22ef4db84e697ee2aab148ee9ae3442f35c02f241c
Opcode Fuzzy Hash: 2a4b200a08ed556fe0b76f61f99fc73be8100933646605b45de0898bc31b2ca7
Instruction Fuzzy Hash: 2B11C2B5900249EFDF118F91CD09BEFBBBDFB06791F00016AE505A62A0D7B88B40CB65

Function 0041246A Relevance: 6.1, APIs: 4, Instructions: 56processCOMMON

Download Yara Rule

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00412491
Process32First.KERNEL32(00000000,00000128), ref: 004124A4
Process32Next.KERNEL32(00000000,00000128), ref: 004124B8

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

CloseHandle.KERNEL32(00000000), ref: 00412525

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 977ae0b600e9dfa5c8bb5876995a90588de119cf502625faec0d1e404a198b9a
Instruction ID: 2c0229d212547161a0eb93f3d0d5d82303ca8f07f9ab92fbeb1aaa96aca691bd
Opcode Fuzzy Hash: 977ae0b600e9dfa5c8bb5876995a90588de119cf502625faec0d1e404a198b9a
Instruction Fuzzy Hash: CC212935900118EBCB11EB60DD56AEDB379AF15309F5041EAA60AB61A0EF349FC8CF94

Function 00411CBF Relevance: 6.0, APIs: 4, Instructions: 31memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00428E48,00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,00428E48,00000000,?,00000000,00000000), ref: 00411CCF
HeapAlloc.KERNEL32(00000000), ref: 00411CD6
GetTimeZoneInformation.KERNELBASE(?), ref: 00411CE9
wsprintfA.USER32 ref: 00411D20

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: 203e413fed742de3b00b513deca226d0cff61aa8e2789412112a4631cc96891a
Instruction ID: daf70193e9c0513ecb3072794c83a438d37f7fdfa3376bc861271b49892c1553
Opcode Fuzzy Hash: 203e413fed742de3b00b513deca226d0cff61aa8e2789412112a4631cc96891a
Instruction Fuzzy Hash: 2BF0BE70A003289FDB20AB24FC0AB9977BBBB02345F1001D5F209AA2E0D7749EC0CF02

Function 00407E41 Relevance: 4.5, APIs: 3, Instructions: 43memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407E65
LocalAlloc.KERNEL32(00000040,00000000), ref: 00407E83
LocalFree.KERNEL32(?), ref: 00407EAB

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: ec7d2c3964d9433e1bd8db3b7e97589d228e91b9e021ed9bd7c00834a8d4e7c8
Instruction ID: c73416beba9d1fde4238afde8a7e84a4d4aa4311c1f55aef6ad3ec00fa4115b4
Opcode Fuzzy Hash: ec7d2c3964d9433e1bd8db3b7e97589d228e91b9e021ed9bd7c00834a8d4e7c8
Instruction Fuzzy Hash: 72019279900209EFCB01DF98D945A9E7BF5FB09300F0000A5F901AB2A0D774AE50DF61

Function 00411BEC Relevance: 4.5, APIs: 3, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041A955), ref: 00411BF8
HeapAlloc.KERNEL32(00000000,?,?,?,0041A955), ref: 00411BFF
GetUserNameA.ADVAPI32(?,00000104), ref: 00411C16

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: cdb89f3b8d2170a32c4f5d9c7d109af83218dd3f9df08350fd3753d412c9dc7b
Instruction ID: 6ad48150bf72aad5a6046b0908b1c33b434ec51fc494a64bf18a9d81697ab1ea
Opcode Fuzzy Hash: cdb89f3b8d2170a32c4f5d9c7d109af83218dd3f9df08350fd3753d412c9dc7b
Instruction Fuzzy Hash: B3E04CB4A00608FFDB10DBD4DC49FADBBB8FB04749F904065F601E2160D7B45A459B64

Function 00411F21 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(00000000), ref: 00411F2E
wsprintfA.USER32 ref: 00411F43

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 2f2772df9e2289074dc65a3b003ee837af4eb9d8d63b789a1da4cf5f031d46f7
Instruction ID: 9caa33327a18f9dae679d202d2ba32c4f74d5e180e33a6cc9dfb65b88a9d38f3
Opcode Fuzzy Hash: 2f2772df9e2289074dc65a3b003ee837af4eb9d8d63b789a1da4cf5f031d46f7
Instruction Fuzzy Hash: F6D05EB180011CABCB00DBE0FC499D977BCBB09208F4408B1E614E2040E3B8EAD88BA8

Function 0041A76B Relevance: 257.6, APIs: 139, Strings: 8, Instructions: 337
sleepstringlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(Taxonomic sequence (also known as systematic, phyletic or taxonomic order) is a sequence followed in listing of taxa which aids ea), ref: 0041A776
lstrlenW.KERNEL32(The 1999 Rushmoor Council election took place on 6 May 1999 to elect members of Rushmoor Borough Council in Hampshire, England. On), ref: 0041A781
lstrlenW.KERNEL32(Oregon Ballot Measure 56 or House Joint Resolution 15 (HJR 15) is a legislatively referred constitutional amendment that enacted l), ref: 0041A78C
lstrlenW.KERNEL32(The 1967 October Revolution Parade is the parade on Moscow's Red Square devoted to the 50th anniversary of the Great October Socia), ref: 0041A797
lstrlenW.KERNEL32(I-11 was an Imperial Japanese Navy Type A1 submarine that served during World War II. Designed as a submarine aircraft carrier and), ref: 0041A7A2
LoadLibraryA.KERNEL32(kernel32.dll), ref: 0041A7AD
GetProcAddress.KERNEL32(00000000,Sleep), ref: 0041A7C4
GetProcAddress.KERNEL32(00000000,GetSystemTime), ref: 0041A7D7

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Sleep.KERNELBASE(00000014), ref: 0041A7E4
Sleep.KERNELBASE(00000014), ref: 0041A7EC
Sleep.KERNEL32(00000014), ref: 0041A7F4
Sleep.KERNEL32(00000014), ref: 0041A7FC
Sleep.KERNEL32(00000014), ref: 0041A804
Sleep.KERNEL32(00000014), ref: 0041A80C
lstrlenW.KERNEL32(Taxonomic sequence (also known as systematic, phyletic or taxonomic order) is a sequence followed in listing of taxa which aids ea), ref: 0041A817
lstrlenW.KERNEL32(The 1999 Rushmoor Council election took place on 6 May 1999 to elect members of Rushmoor Borough Council in Hampshire, England. On), ref: 0041A822
lstrlenW.KERNEL32(Oregon Ballot Measure 56 or House Joint Resolution 15 (HJR 15) is a legislatively referred constitutional amendment that enacted l), ref: 0041A82D
lstrlenW.KERNEL32(The 1967 October Revolution Parade is the parade on Moscow's Red Square devoted to the 50th anniversary of the Great October Socia), ref: 0041A838
lstrlenW.KERNEL32(I-11 was an Imperial Japanese Navy Type A1 submarine that served during World War II. Designed as a submarine aircraft carrier and), ref: 0041A843
Sleep.KERNEL32(00000014), ref: 0041A84B
Sleep.KERNEL32(00000014), ref: 0041A853
Sleep.KERNEL32(00000014), ref: 0041A85B
Sleep.KERNEL32(00000014), ref: 0041A863
Sleep.KERNEL32(00000014), ref: 0041A86B
Sleep.KERNEL32(00000014), ref: 0041A873
Sleep.KERNEL32(00000014), ref: 0041A880
Sleep.KERNEL32(00000014), ref: 0041A888
Sleep.KERNEL32(00000014), ref: 0041A890
Sleep.KERNEL32(00000014), ref: 0041A898
Sleep.KERNEL32(00000014), ref: 0041A8A0
Sleep.KERNEL32(00000014), ref: 0041A8A8
Sleep.KERNELBASE(00000014), ref: 0041A8B5
Sleep.KERNEL32(00000014), ref: 0041A8BD
Sleep.KERNEL32(00000014), ref: 0041A8C5
Sleep.KERNEL32(00000014), ref: 0041A8CD
Sleep.KERNEL32(00000014), ref: 0041A8D5
Sleep.KERNEL32(00000014), ref: 0041A8DD
Sleep.KERNEL32(00000014), ref: 0041A8E5
Sleep.KERNEL32(00000014), ref: 0041A8ED
Sleep.KERNEL32(00000014), ref: 0041A8F5
Sleep.KERNEL32(00000014), ref: 0041A8FD
Sleep.KERNEL32(00000014), ref: 0041A905
Sleep.KERNEL32(00000014), ref: 0041A90D
Sleep.KERNEL32(00000014,00425200), ref: 0041A922
Sleep.KERNEL32(00000014), ref: 0041A92A
Sleep.KERNEL32(00000014), ref: 0041A932
Sleep.KERNEL32(00000014), ref: 0041A93A
Sleep.KERNEL32(00000014), ref: 0041A942
Sleep.KERNEL32(00000014), ref: 0041A94A
Sleep.KERNELBASE(00000014,00000000,?,?,00428E5C,?,00000000), ref: 0041A9A6
Sleep.KERNEL32(00000014), ref: 0041A9AE
Sleep.KERNEL32(00000014), ref: 0041A9B6
Sleep.KERNEL32(00000014), ref: 0041A9BE
Sleep.KERNEL32(00000014), ref: 0041A9C6
Sleep.KERNEL32(00000014), ref: 0041A9CE
Sleep.KERNEL32(00000014), ref: 0041A9D6
Sleep.KERNEL32(00000014), ref: 0041A9DE
Sleep.KERNEL32(00000014), ref: 0041A9E6
Sleep.KERNEL32(00000014), ref: 0041A9EE
Sleep.KERNEL32(00000014), ref: 0041A9F6
Sleep.KERNEL32(00000014), ref: 0041A9FE
Sleep.KERNEL32(00000014), ref: 0041AA0F
Sleep.KERNEL32(00000014), ref: 0041AA17
Sleep.KERNEL32(00000014), ref: 0041AA1F
Sleep.KERNEL32(00000014), ref: 0041AA27
Sleep.KERNEL32(00000014), ref: 0041AA2F
Sleep.KERNEL32(00000014), ref: 0041AA37
OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 0041AA4D
Sleep.KERNEL32(00000014), ref: 0041AA5E
Sleep.KERNEL32(00000014), ref: 0041AA66
Sleep.KERNEL32(00000014), ref: 0041AA6E
Sleep.KERNEL32(00000014), ref: 0041AA76
Sleep.KERNEL32(00000014), ref: 0041AA7E
Sleep.KERNEL32(00000014), ref: 0041AA86
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041AA9B
Sleep.KERNEL32(00000014), ref: 0041AAA6
Sleep.KERNEL32(00000014), ref: 0041AAAE
Sleep.KERNEL32(00000014), ref: 0041AAB6
Sleep.KERNEL32(00000014), ref: 0041AABE
Sleep.KERNEL32(00000014), ref: 0041AAC6
Sleep.KERNEL32(00000014), ref: 0041AACE
Sleep.KERNEL32(00000014), ref: 0041AADA
Sleep.KERNEL32(00000014), ref: 0041AAE2
Sleep.KERNEL32(00000014), ref: 0041AAEA
Sleep.KERNEL32(00000014), ref: 0041AAF2
Sleep.KERNEL32(00000014), ref: 0041AAFA
Sleep.KERNEL32(00000014), ref: 0041AB02
CloseHandle.KERNEL32(00000000), ref: 0041AB0B
Sleep.KERNEL32(00001B58), ref: 0041AB16
Sleep.KERNEL32(00000014), ref: 0041AB1E
Sleep.KERNEL32(00000014), ref: 0041AB26
Sleep.KERNEL32(00000014), ref: 0041AB2E
Sleep.KERNEL32(00000014), ref: 0041AB36
Sleep.KERNEL32(00000014), ref: 0041AB3E
Sleep.KERNEL32(00000014), ref: 0041AB46
Sleep.KERNEL32(00000014), ref: 0041AB53
Sleep.KERNEL32(00000014), ref: 0041AB5B
Sleep.KERNEL32(00000014), ref: 0041AB63
Sleep.KERNEL32(00000014), ref: 0041AB6B
Sleep.KERNEL32(00000014), ref: 0041AB73
Sleep.KERNEL32(00000014), ref: 0041AB7B
Sleep.KERNEL32(00000014), ref: 0041AB83
Sleep.KERNEL32(00000014), ref: 0041AB8B
Sleep.KERNEL32(00000014), ref: 0041AB93
Sleep.KERNEL32(00000014), ref: 0041AB9B
Sleep.KERNEL32(00000014), ref: 0041ABA3
Sleep.KERNEL32(00000014), ref: 0041ABAB
Sleep.KERNEL32(00000014), ref: 0041ABB8
Sleep.KERNEL32(00000014), ref: 0041ABC0
Sleep.KERNEL32(00000014), ref: 0041ABC8
Sleep.KERNEL32(00000014), ref: 0041ABD0
Sleep.KERNEL32(00000014), ref: 0041ABD8
Sleep.KERNEL32(00000014), ref: 0041ABE0
Sleep.KERNEL32(00000014), ref: 0041ABE8
Sleep.KERNEL32(00000014), ref: 0041ABF0
Sleep.KERNEL32(00000014), ref: 0041ABF8
Sleep.KERNEL32(00000014), ref: 0041AC00
Sleep.KERNEL32(00000014), ref: 0041AC08
Sleep.KERNEL32(00000014), ref: 0041AC10
CloseHandle.KERNEL32(?), ref: 0041AC19
Sleep.KERNEL32(00000014), ref: 0041AC21
Sleep.KERNEL32(00000014), ref: 0041AC29
Sleep.KERNEL32(00000014), ref: 0041AC31
Sleep.KERNEL32(00000014), ref: 0041AC39
Sleep.KERNEL32(00000014), ref: 0041AC41
Sleep.KERNEL32(00000014), ref: 0041AC49
Sleep.KERNEL32(00000014), ref: 0041AC51
Sleep.KERNEL32(00000014), ref: 0041AC59
Sleep.KERNEL32(00000014), ref: 0041AC61
Sleep.KERNEL32(00000014), ref: 0041AC69
Sleep.KERNEL32(00000014), ref: 0041AC71
Sleep.KERNEL32(00000014), ref: 0041AC79
Sleep.KERNEL32(00000014), ref: 0041AC81
Sleep.KERNEL32(00000014), ref: 0041AC89
Sleep.KERNEL32(00000014), ref: 0041AC91
Sleep.KERNEL32(00000014), ref: 0041AC99
Sleep.KERNEL32(00000014), ref: 0041ACA1
Sleep.KERNEL32(00000014), ref: 0041ACA9
ExitProcess.KERNEL32 ref: 0041ACB1

Strings

kernel32.dll, xrefs: 0041A7A8
The 1967 October Revolution Parade is the parade on Moscow's Red Square devoted to the 50th anniversary of the Great October Socia, xrefs: 0041A792, 0041A833
Taxonomic sequence (also known as systematic, phyletic or taxonomic order) is a sequence followed in listing of taxa which aids ea, xrefs: 0041A771, 0041A812
Oregon Ballot Measure 56 or House Joint Resolution 15 (HJR 15) is a legislatively referred constitutional amendment that enacted l, xrefs: 0041A787, 0041A828
The 1999 Rushmoor Council election took place on 6 May 1999 to elect members of Rushmoor Borough Council in Hampshire, England. On, xrefs: 0041A77C, 0041A81D
I-11 was an Imperial Japanese Navy Type A1 submarine that served during World War II. Designed as a submarine aircraft carrier and, xrefs: 0041A79D, 0041A83E
Sleep, xrefs: 0041A7BC
GetSystemTime, xrefs: 0041A7CF

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Sleep$lstrlen$AddressCloseEventHandleProclstrcpy$CreateExitLibraryLoadOpenProcesslstrcat
String ID: GetSystemTime$I-11 was an Imperial Japanese Navy Type A1 submarine that served during World War II. Designed as a submarine aircraft carrier and$Oregon Ballot Measure 56 or House Joint Resolution 15 (HJR 15) is a legislatively referred constitutional amendment that enacted l$Sleep$Taxonomic sequence (also known as systematic, phyletic or taxonomic order) is a sequence followed in listing of taxa which aids ea$The 1967 October Revolution Parade is the parade on Moscow's Red Square devoted to the 50th anniversary of the Great October Socia$The 1999 Rushmoor Council election took place on 6 May 1999 to elect members of Rushmoor Borough Council in Hampshire, England. On$kernel32.dll
API String ID: 1968030747-1157189060
Opcode ID: 54532dd25730401e9619ccf941eb7a63a5c16019b915d8d70357fc5f908c5c95
Instruction ID: d0fc9c7f70cd4d74f070b5276f1611ca398b8472acf39be3ffb0404d49fc07f7
Opcode Fuzzy Hash: 54532dd25730401e9619ccf941eb7a63a5c16019b915d8d70357fc5f908c5c95
Instruction Fuzzy Hash: 40D1AB356E121DEFDB006BE0AC2EBE87A6AAB17702F551125B30E9D0F0DAB444C19F75

Function 0041AAD6 Relevance: 105.2, APIs: 70, Instructions: 160
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000014), ref: 0041AA0F
Sleep.KERNEL32(00000014), ref: 0041AA17
Sleep.KERNEL32(00000014), ref: 0041AA1F
Sleep.KERNEL32(00000014), ref: 0041AA27
Sleep.KERNEL32(00000014), ref: 0041AA2F
Sleep.KERNEL32(00000014), ref: 0041AA37
OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 0041AA4D
Sleep.KERNEL32(00000014), ref: 0041AA5E
Sleep.KERNEL32(00000014), ref: 0041AA66
Sleep.KERNEL32(00000014), ref: 0041AA6E
Sleep.KERNEL32(00000014), ref: 0041AA76
Sleep.KERNEL32(00000014), ref: 0041AA7E
Sleep.KERNEL32(00000014), ref: 0041AA86
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041AA9B
Sleep.KERNEL32(00000014), ref: 0041AAA6
Sleep.KERNEL32(00000014), ref: 0041AAAE
Sleep.KERNEL32(00000014), ref: 0041AAB6
Sleep.KERNEL32(00000014), ref: 0041AABE
Sleep.KERNEL32(00000014), ref: 0041AAC6
Sleep.KERNEL32(00000014), ref: 0041AACE
Sleep.KERNEL32(00000014), ref: 0041AADA
Sleep.KERNEL32(00000014), ref: 0041AAE2
Sleep.KERNEL32(00000014), ref: 0041AAEA
Sleep.KERNEL32(00000014), ref: 0041AAF2
Sleep.KERNEL32(00000014), ref: 0041AAFA
Sleep.KERNEL32(00000014), ref: 0041AB02
CloseHandle.KERNEL32(00000000), ref: 0041AB0B
Sleep.KERNEL32(00001B58), ref: 0041AB16
Sleep.KERNEL32(00000014), ref: 0041AB1E
Sleep.KERNEL32(00000014), ref: 0041AB26
Sleep.KERNEL32(00000014), ref: 0041AB2E
Sleep.KERNEL32(00000014), ref: 0041AB36
Sleep.KERNEL32(00000014), ref: 0041AB3E
Sleep.KERNEL32(00000014), ref: 0041AB46
Sleep.KERNEL32(00000014), ref: 0041AB53
Sleep.KERNEL32(00000014), ref: 0041AB5B
Sleep.KERNEL32(00000014), ref: 0041AB63
Sleep.KERNEL32(00000014), ref: 0041AB6B
Sleep.KERNEL32(00000014), ref: 0041AB73
Sleep.KERNEL32(00000014), ref: 0041AB7B
Sleep.KERNEL32(00000014), ref: 0041AB83
Sleep.KERNEL32(00000014), ref: 0041AB8B
Sleep.KERNEL32(00000014), ref: 0041AB93
Sleep.KERNEL32(00000014), ref: 0041AB9B
Sleep.KERNEL32(00000014), ref: 0041ABA3
Sleep.KERNEL32(00000014), ref: 0041ABAB
Sleep.KERNEL32(00000014), ref: 0041ABB8
Sleep.KERNEL32(00000014), ref: 0041ABC0
Sleep.KERNEL32(00000014), ref: 0041ABC8
Sleep.KERNEL32(00000014), ref: 0041ABD0
Sleep.KERNEL32(00000014), ref: 0041ABD8
Sleep.KERNEL32(00000014), ref: 0041ABE0
Sleep.KERNEL32(00000014), ref: 0041ABE8
Sleep.KERNEL32(00000014), ref: 0041ABF0
Sleep.KERNEL32(00000014), ref: 0041ABF8
Sleep.KERNEL32(00000014), ref: 0041AC00
Sleep.KERNEL32(00000014), ref: 0041AC08
Sleep.KERNEL32(00000014), ref: 0041AC10
CloseHandle.KERNEL32(?), ref: 0041AC19
Sleep.KERNEL32(00000014), ref: 0041AC21
Sleep.KERNEL32(00000014), ref: 0041AC29
Sleep.KERNEL32(00000014), ref: 0041AC31
Sleep.KERNEL32(00000014), ref: 0041AC39
Sleep.KERNEL32(00000014), ref: 0041AC41
Sleep.KERNEL32(00000014), ref: 0041AC49
Sleep.KERNEL32(00000014), ref: 0041AC51
Sleep.KERNEL32(00000014), ref: 0041AC59
Sleep.KERNEL32(00000014), ref: 0041AC61
Sleep.KERNEL32(00000014), ref: 0041AC69
Sleep.KERNEL32(00000014), ref: 0041AC71
Sleep.KERNEL32(00000014), ref: 0041AC79
Sleep.KERNEL32(00000014), ref: 0041AC81
Sleep.KERNEL32(00000014), ref: 0041AC89
Sleep.KERNEL32(00000014), ref: 0041AC91
Sleep.KERNEL32(00000014), ref: 0041AC99
Sleep.KERNEL32(00000014), ref: 0041ACA1
Sleep.KERNEL32(00000014), ref: 0041ACA9
ExitProcess.KERNEL32 ref: 0041ACB1

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Sleep$CloseEventHandle$CreateExitOpenProcess
String ID:
API String ID: 3990214622-0
Opcode ID: 939382f14eacfc35bc189caa75c6057b8e340a7325aef0680f6e940db5972843
Instruction ID: 010346d2f35c5d2b6dfb22c7d70376198b9011b0162d7776d674804ad5e558a3
Opcode Fuzzy Hash: 939382f14eacfc35bc189caa75c6057b8e340a7325aef0680f6e940db5972843
Instruction Fuzzy Hash: AC5157395E620DEFEB006BE09D1EBE83666AB17706F151015B30E9C0F0CA7444C59F36

Function 00404E03 Relevance: 58.5, APIs: 25, Strings: 8, Instructions: 713
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9

lstrlenA.KERNEL32(00000000), ref: 00404E8B

Part of subcall function 0041302D: CryptBinaryToStringA.CRYPT32(00000000,00404E7F,40000001,00000000,00000000), ref: 0041304A

StrCmpCA.SHLWAPI(?,00425200,00425200,00425200,00425200), ref: 00404EEF
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F17
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405025
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00405082
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004050BA

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00000000,?,00428D7C,00000000,?,00000000,00000000), ref: 00405579
lstrlenA.KERNEL32(00000000), ref: 0040558D
GetProcessHeap.KERNEL32(00000000,?), ref: 0040559D
HeapAlloc.KERNEL32(00000000), ref: 004055A4
lstrlenA.KERNEL32(00000000), ref: 004055B9
memcpy.MSVCRT ref: 004055CF
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004055E6
memcpy.MSVCRT ref: 004055F3
lstrlenA.KERNEL32(00000000), ref: 00405604
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 0040561D
memcpy.MSVCRT ref: 0040562D
lstrlenA.KERNEL32(00000000,?,?), ref: 00405647
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 0040565A
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040568D
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405730
StrCmpCA.SHLWAPI(00000000,block), ref: 004057A1
ExitProcess.KERNEL32 ref: 004057AD
InternetCloseHandle.WININET(00000000), ref: 00405824

Strings

", xrefs: 00405189, 004052C8, 0040540A, 00405548
file_data, xrefs: 00405520
build_id, xrefs: 004052A0
------, xrefs: 00404F80
block, xrefs: 00405790
------, xrefs: 004050C0, 00405200, 00405341, 00405480
ERROR, xrefs: 00405697, 004057B5
--, xrefs: 00404F69

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$Httpmemcpy$HeapOpenProcessRequestlstrcat$AllocBinaryCloseConnectCrackCryptExitFileHandleInfoOptionQueryReadSendString
String ID: ------$"$--$------$ERROR$block$build_id$file_data
API String ID: 291296625-1063948816
Opcode ID: 941268b52b4c2f1080921e961083cd3901daec87e8b66a8e899ed6db65051c96
Instruction ID: 347b2e4d89f66f0c0c6539a9aa54472735362a414d5b47530b2be4bc622c77f0
Opcode Fuzzy Hash: 941268b52b4c2f1080921e961083cd3901daec87e8b66a8e899ed6db65051c96
Instruction Fuzzy Hash: 76520E729101189ADB14FBA1EC96FDE7379AF15305F5080AAF216B21F1DF386A88CF54

Function 0041AD16 Relevance: 49.7, APIs: 33, Instructions: 151
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 0041AD54
GetProcAddress.KERNEL32 ref: 0041AD6B
GetProcAddress.KERNEL32 ref: 0041AD82
GetProcAddress.KERNEL32 ref: 0041AD99
GetProcAddress.KERNEL32 ref: 0041ADB0
GetProcAddress.KERNEL32 ref: 0041ADC7
GetProcAddress.KERNEL32 ref: 0041ADDE
GetProcAddress.KERNEL32 ref: 0041ADF5
GetProcAddress.KERNEL32 ref: 0041AE0C
GetProcAddress.KERNEL32 ref: 0041AE23
GetProcAddress.KERNEL32 ref: 0041AE3A
GetProcAddress.KERNEL32 ref: 0041AE51
GetProcAddress.KERNEL32 ref: 0041AE68
GetProcAddress.KERNEL32 ref: 0041AE7F
GetProcAddress.KERNEL32 ref: 0041AE96
GetProcAddress.KERNEL32 ref: 0041AEAD
GetProcAddress.KERNEL32 ref: 0041AEC4
GetProcAddress.KERNEL32 ref: 0041AEDB
GetProcAddress.KERNEL32 ref: 0041AEF2
GetProcAddress.KERNEL32 ref: 0041AF09
GetProcAddress.KERNEL32 ref: 0041AF20
LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF31
LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF42
LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF53
LoadLibraryA.KERNELBASE(?,0041A8B3), ref: 0041AF64
LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF75
GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041AF95
GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041AFB5
GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041AFCC
GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041AFEC
GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041B00C
GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041B02C
GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041B043

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 8ed0b4f8c3e954e1fc1dc6971364bbe040f0f26000e4905d9b82ffd922f5bdfa
Instruction ID: e6d1e2ba0aaa9db7fee79aa5ca47b6abfb0ed3e486351d87d65decbaef8ebfc5
Opcode Fuzzy Hash: 8ed0b4f8c3e954e1fc1dc6971364bbe040f0f26000e4905d9b82ffd922f5bdfa
Instruction Fuzzy Hash: DD81C679481214EFEB026F60FE19AA43FA3F70B345715712AE90689670E77648A8EF40

Function 004151E4 Relevance: 48.1, APIs: 2, Strings: 25, Instructions: 830
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Part of subcall function 00411C63: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,Version: ,00425200), ref: 00411C70
Part of subcall function 00411C63: HeapAlloc.KERNEL32(00000000), ref: 00411C77
Part of subcall function 00411C63: GetLocalTime.KERNEL32(?), ref: 00411C84
Part of subcall function 00411C63: wsprintfA.USER32 ref: 00411CB1

Part of subcall function 004125CA: memset.MSVCRT ref: 004125F2
Part of subcall function 004125CA: RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 00412612
Part of subcall function 004125CA: RegQueryValueExA.KERNELBASE(?,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00412639
Part of subcall function 004125CA: RegCloseKey.ADVAPI32(?), ref: 00412645
Part of subcall function 004125CA: CharToOemA.USER32(00000000,?), ref: 00412659

Part of subcall function 00412667: GetCurrentHwProfileA.ADVAPI32(?), ref: 00412674

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

Part of subcall function 00411948: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00411964
Part of subcall function 00411948: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004119A1
Part of subcall function 00411948: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411A18
Part of subcall function 00411948: HeapAlloc.KERNEL32(00000000), ref: 00411A1F

GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,00428FE4,00000000,?,00000000,00000000,?,HWID: ,00000000,?,00428E48,00000000), ref: 00415497

Part of subcall function 00413563: OpenProcess.KERNEL32(00000410,00000000,004154AA), ref: 00413576
Part of subcall function 00413563: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00413596
Part of subcall function 00413563: CloseHandle.KERNEL32(00000000), ref: 0041359F

Part of subcall function 00411ADD: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411AF1
Part of subcall function 00411ADD: HeapAlloc.KERNEL32(00000000), ref: 00411AF8

Part of subcall function 004127AF: CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000,?,00428FE4), ref: 004127D9
Part of subcall function 004127AF: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,00428E48,00000000,?), ref: 004127F1
Part of subcall function 004127AF: CoCreateInstance.OLE32(0042AE78,00000000,00000001,0042ADA8,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ), ref: 0041280D
Part of subcall function 004127AF: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,00428E48,00000000,?,00000000), ref: 00412855

Part of subcall function 004129BF: CoInitializeEx.OLE32(00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000,?,Work Dir: In memory,00000000,?,00428E48,00000000), ref: 004129E9
Part of subcall function 004129BF: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4), ref: 00412A01
Part of subcall function 004129BF: CoCreateInstance.OLE32(0042AE78,00000000,00000001,0042ADA8,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000,?), ref: 00412A1D
Part of subcall function 004129BF: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000), ref: 00412A65

Part of subcall function 00411C21: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00415711,00000000,?,Computer Name: ,00000000,?,00428E48,00000000,?,00000000,00000000), ref: 00411C2D
Part of subcall function 00411C21: HeapAlloc.KERNEL32(00000000,?,?,?,00415711,00000000,?,Computer Name: ,00000000,?,00428E48,00000000,?,00000000,00000000,?), ref: 00411C34
Part of subcall function 00411C21: GetComputerNameA.KERNEL32(00000000,00000104), ref: 00411C4B

Part of subcall function 00411BEC: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041A955), ref: 00411BF8
Part of subcall function 00411BEC: HeapAlloc.KERNEL32(00000000,?,?,?,0041A955), ref: 00411BFF
Part of subcall function 00411BEC: GetUserNameA.ADVAPI32(?,00000104), ref: 00411C16

Part of subcall function 0041254A: CreateDCA.GDI32(00000000,00000000,00000000,?), ref: 0041255C
Part of subcall function 0041254A: GetDeviceCaps.GDI32(?,00000008), ref: 0041256A
Part of subcall function 0041254A: GetDeviceCaps.GDI32(?,0000000A), ref: 00412578
Part of subcall function 0041254A: ReleaseDC.USER32(00000000,?), ref: 00412586
Part of subcall function 0041254A: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00412593
Part of subcall function 0041254A: HeapAlloc.KERNEL32(00000000), ref: 0041259A
Part of subcall function 0041254A: wsprintfA.USER32 ref: 004125B1

Part of subcall function 00411D31: GetKeyboardLayoutList.USER32(00000000,00000000,00425200), ref: 00411D59
Part of subcall function 00411D31: LocalAlloc.KERNEL32(00000040,?), ref: 00411D71
Part of subcall function 00411D31: GetKeyboardLayoutList.USER32(?,00000000), ref: 00411D83
Part of subcall function 00411D31: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00411DD3
Part of subcall function 00411D31: LocalFree.KERNEL32(00000000), ref: 00411E90

Part of subcall function 00411CBF: GetProcessHeap.KERNEL32(00000000,00000104,00428E48,00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,00428E48,00000000,?,00000000,00000000), ref: 00411CCF
Part of subcall function 00411CBF: HeapAlloc.KERNEL32(00000000), ref: 00411CD6
Part of subcall function 00411CBF: GetTimeZoneInformation.KERNELBASE(?), ref: 00411CE9

Part of subcall function 00411EB5: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00411EC9
Part of subcall function 00411EB5: HeapAlloc.KERNEL32(00000000), ref: 00411ED0
Part of subcall function 00411EB5: RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00000000), ref: 00411EEF
Part of subcall function 00411EB5: RegQueryValueExA.KERNELBASE(00000000,00000000,00000000,000000FF,000000FF), ref: 00411F0D
Part of subcall function 00411EB5: RegCloseKey.ADVAPI32(00000000), ref: 00411F16

Part of subcall function 00411F54: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00411F87
Part of subcall function 00411F54: GetLastError.KERNEL32 ref: 00411F96

Part of subcall function 00411F21: GetSystemInfo.KERNELBASE(00000000), ref: 00411F2E
Part of subcall function 00411F21: wsprintfA.USER32 ref: 00411F43

Part of subcall function 00412081: GetProcessHeap.KERNEL32(00000000,00000104,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000,?,00428FE4,00000000,?,Work Dir: In memory), ref: 0041208E
Part of subcall function 00412081: HeapAlloc.KERNEL32(00000000), ref: 00412095
Part of subcall function 00412081: GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 004120B6
Part of subcall function 00412081: __aulldiv.LIBCMT ref: 004120CE
Part of subcall function 00412081: __aulldiv.LIBCMT ref: 004120DC
Part of subcall function 00412081: wsprintfA.USER32 ref: 004120FF

Part of subcall function 0041210D: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 00412148

Part of subcall function 0041246A: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00412491
Part of subcall function 0041246A: Process32First.KERNEL32(00000000,00000128), ref: 004124A4
Part of subcall function 0041246A: Process32Next.KERNEL32(00000000,00000128), ref: 004124B8
Part of subcall function 0041246A: CloseHandle.KERNEL32(00000000), ref: 00412525

Part of subcall function 0041218B: RegOpenKeyExA.KERNELBASE(00000000,00000000,00020019,00000000,00425200), ref: 004121DE

Part of subcall function 0041218B: RegEnumKeyExA.KERNELBASE(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00412259
Part of subcall function 0041218B: wsprintfA.USER32 ref: 0041228B
Part of subcall function 0041218B: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00020019,00000000), ref: 004122AC
Part of subcall function 0041218B: RegCloseKey.ADVAPI32(00000000), ref: 004122BC
Part of subcall function 0041218B: RegCloseKey.ADVAPI32(00000000), ref: 004122C8

lstrlenA.KERNEL32(00000000,00000000,?,00428FE4,00000000,?,00000000,00000000,?,00000000,00000000,?,[Software],00000000,?,00428FE4), ref: 00415DE1

Part of subcall function 00418DB9: _MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
Part of subcall function 00418DB9: CreateThread.KERNELBASE(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
Part of subcall function 00418DB9: WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96

Strings

GUID: , xrefs: 00415357
Computer Name: , xrefs: 004156E4
[Processes], xrefs: 00415C78
Path: , xrefs: 0041546F
Processor: , xrefs: 00415A08
RAM: , xrefs: 00415B73
Keyboard Languages: , xrefs: 00415862
Threads: , xrefs: 00415AFA
Version: , xrefs: 004151FA
[Hardware], xrefs: 004159E0
AV: , xrefs: 00415658
Windows: , xrefs: 00415553
TimeZone: , xrefs: 00415967
User Name: , xrefs: 0041575D
VideoCard: , xrefs: 00415BEC
MachineID: , xrefs: 004152EA
Cores: , xrefs: 00415A81
Date: , xrefs: 00415283
[Software], xrefs: 00415D04
Display Resolution: , xrefs: 004157D6
Work Dir: In memory, xrefs: 00415503
Local Time: , xrefs: 004158EE
information.txt, xrefs: 00415DF6
Install Date: , xrefs: 004155CC
HWID: , xrefs: 004153E3

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$CloseOpen$Createwsprintf$Initializelstrcpy$InformationLocalName$BlanketCapsCurrentDeviceEnumHandleInfoInstanceKeyboardLayoutListProcess32ProxyQuerySecurityTimeValue__aulldivlstrcatlstrlen$CharComputerDevicesDirectoryDisplayErrorFileFirstFreeGlobalLastLocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
API String ID: 3808842183-1014693891
Opcode ID: ec29a3163d9d18987f0e179795c7a0416d16bd3ffa26116ace8d5c82db2c5aaf
Instruction ID: 98b063b3ea0cf676e7d3c9db5d6b4e855844e07ef84fbbd767ca72325addcb2a
Opcode Fuzzy Hash: ec29a3163d9d18987f0e179795c7a0416d16bd3ffa26116ace8d5c82db2c5aaf
Instruction Fuzzy Hash: BC629172900118AACB15F7A1DD96DDE7379AF14305F5042AFF226B21B1EF346B88CE58

Function 004083A6 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 265
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Part of subcall function 00412D64: GetSystemTime.KERNEL32(00000000,00425200), ref: 00412D8A

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408450
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004084C9
RtlAllocateHeap.NTDLL(00000000), ref: 004084D0
lstrlenA.KERNEL32(00000000,00000000), ref: 0040856A
lstrcatA.KERNEL32(?), ref: 0040858F
lstrcatA.KERNEL32(?,00000000), ref: 004085A1
lstrcatA.KERNEL32(?,00428E50), ref: 004085AF
lstrcatA.KERNEL32(?,00000000), ref: 004085C1
lstrcatA.KERNEL32(?,00428E4C), ref: 004085CF
lstrcatA.KERNEL32(?), ref: 004085DE
lstrcatA.KERNEL32(?,00000000), ref: 004085F0
lstrcatA.KERNEL32(?,00428E48), ref: 004085FE
lstrcatA.KERNEL32(?), ref: 0040860D
lstrcatA.KERNEL32(?,00000000), ref: 0040861F
lstrcatA.KERNEL32(?,00428E48), ref: 0040862D
lstrcatA.KERNEL32(?), ref: 0040863C
lstrcatA.KERNEL32(?,00000000), ref: 0040864E
lstrcatA.KERNEL32(?,00428E48), ref: 0040865C
lstrcatA.KERNEL32(?,00428E48), ref: 0040866A
lstrlenA.KERNEL32(?), ref: 00408688
memset.MSVCRT ref: 004086D4
DeleteFileA.KERNELBASE(00000000), ref: 00408701

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 004135B9: memset.MSVCRT ref: 004135D4
Part of subcall function 004135B9: OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041368A
Part of subcall function 004135B9: TerminateProcess.KERNEL32(00000000,00000000), ref: 004136A7
Part of subcall function 004135B9: CloseHandle.KERNEL32(00000000), ref: 004136B3

Strings

passwords.txt, xrefs: 00408697

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$Processlstrlen$FileHeapmemset$AllocateCloseCopyDeleteHandleOpenSystemTerminateTime
String ID: passwords.txt
API String ID: 1737540870-347816968
Opcode ID: e7516f4a65ce10130fd093f07ba65f7fdb76d7e0e32bba32449652ac384407af
Instruction ID: 4868cb4a0c5d8df9b0255056c1bbdf5f8baa826a61240bfbc382e0845978a72e
Opcode Fuzzy Hash: e7516f4a65ce10130fd093f07ba65f7fdb76d7e0e32bba32449652ac384407af
Instruction Fuzzy Hash: 00A11972900108AFDF05EBA1ED5AAED7B79FF15305F60502AF112B10B1EF3A5A44CB69

Function 00418FD9 Relevance: 34.5, APIs: 4, Strings: 15, Instructions: 1237
networksleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Part of subcall function 004138BA: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004138F5
Part of subcall function 004138BA: Process32First.KERNEL32(00429888,00000128), ref: 00413908
Part of subcall function 004138BA: Process32Next.KERNEL32(00429888,00000128), ref: 0041391C
Part of subcall function 004138BA: StrCmpCA.SHLWAPI(?,0042988C), ref: 00413930
Part of subcall function 004138BA: FindCloseChangeNotification.KERNELBASE(00429888), ref: 00413943

CreateDirectoryA.KERNELBASE(00000000,00000000,00000000,?,?,?,00425200,00000000), ref: 00419657
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0041972D
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00419747

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 00411948: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00411964
Part of subcall function 00411948: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004119A1
Part of subcall function 00411948: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411A18
Part of subcall function 00411948: HeapAlloc.KERNEL32(00000000), ref: 00411A1F

Part of subcall function 004043FA: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404492
Part of subcall function 004043FA: StrCmpCA.SHLWAPI(?), ref: 004044B2

Part of subcall function 00414F8C: StrCmpCA.SHLWAPI(00000000,block), ref: 00414FB1
Part of subcall function 00414F8C: ExitProcess.KERNEL32 ref: 00414FBD

Part of subcall function 0040F99F: StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040F9EF
Part of subcall function 0040F99F: StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FA75

Part of subcall function 004058C4: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040595F
Part of subcall function 004058C4: StrCmpCA.SHLWAPI(?), ref: 00405975

Part of subcall function 0041497B: strtok_s.MSVCRT ref: 004149A3
Part of subcall function 0041497B: strtok_s.MSVCRT ref: 00414A94

Part of subcall function 00417B07: lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00417B40
Part of subcall function 00417B07: lstrcatA.KERNEL32(?), ref: 00417B5E

Sleep.KERNEL32(000003E8), ref: 00419AFA

Part of subcall function 00417C93: memset.MSVCRT ref: 00417CAA
Part of subcall function 00417C93: lstrcatA.KERNEL32(?,00000000), ref: 00417CD1
Part of subcall function 00417C93: lstrcatA.KERNEL32(?,\.azure\), ref: 00417CEE
Part of subcall function 00417C93: memset.MSVCRT ref: 00417D2E
Part of subcall function 00417C93: lstrcatA.KERNEL32(?,00000000), ref: 00417D55
Part of subcall function 00417C93: lstrcatA.KERNEL32(?,\.aws\), ref: 00417D72
Part of subcall function 00417C93: memset.MSVCRT ref: 00417DB2
Part of subcall function 00417C93: lstrcatA.KERNEL32(?,00000000), ref: 00417DD9
Part of subcall function 00417C93: lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00417DF6

Part of subcall function 00404E03: lstrlenA.KERNEL32(00000000), ref: 00404E8B
Part of subcall function 00404E03: StrCmpCA.SHLWAPI(?,00425200,00425200,00425200,00425200), ref: 00404EEF
Part of subcall function 00404E03: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F17

Strings

.exe, xrefs: 00419557, 00419EF7
arp, xrefs: 00419FF8
d, xrefs: 00419106
org, xrefs: 0041A082
_DEBUG.zip, xrefs: 0041A0C1
d, xrefs: 0041A1C0
tea, xrefs: 00419F9C
2, xrefs: 004191C9
d, xrefs: 00419188
dabl, xrefs: 0041A026
2, xrefs: 0041A169
d, xrefs: 00419147
http://, xrefs: 00419F6E
d, xrefs: 0041A26E
d, xrefs: 0041A217

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$InternetOpenlstrcpy$lstrlenmemset$CreateDirectoryHeapProcessProcess32strtok_s$AllocChangeCloseExitFindFirstInformationNextNotificationSleepSnapshotToolhelp32VolumeWindows
String ID: .exe$2$2$_DEBUG.zip$arp$d$d$d$d$d$d$dabl$http://$org$tea
API String ID: 4021577771-4025179836
Opcode ID: d8ddd20c65dbe4accbe59cdc2a04e807221df0d548ce8610666dd4a4d36cae5e
Instruction ID: 114828df09490f9f1d13115ca2c7a84a7d1e175cc6150afb538a57f6698be508
Opcode Fuzzy Hash: d8ddd20c65dbe4accbe59cdc2a04e807221df0d548ce8610666dd4a4d36cae5e
Instruction Fuzzy Hash: 93B22F71D041289ADB14FB61DC96ADDB778AB11304F5440EAE50EA21A1DF3C6FC8CF69

Function 00408741 Relevance: 32.0, APIs: 21, Instructions: 471
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004118F6: StrCmpCA.SHLWAPI(?,?), ref: 00411913

GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408A97
RtlAllocateHeap.NTDLL(00000000), ref: 00408A9E
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408885

Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

lstrcatA.KERNEL32(?,00000000,00000000,00428E58,00428E58,00000000), ref: 00408BCD
lstrcatA.KERNEL32(?,00428E54), ref: 00408BDB
lstrcatA.KERNEL32(?,00000000), ref: 00408BED
lstrcatA.KERNEL32(?,00428E54), ref: 00408BFB
lstrcatA.KERNEL32(?,00000000), ref: 00408C0D
lstrcatA.KERNEL32(?,00428E54), ref: 00408C1B
lstrcatA.KERNEL32(?,00000000), ref: 00408C2D
lstrcatA.KERNEL32(?,00428E54), ref: 00408C3B
lstrcatA.KERNEL32(?,00000000), ref: 00408C4D
lstrcatA.KERNEL32(?,00428E54), ref: 00408C5B
lstrcatA.KERNEL32(?,00000000), ref: 00408C6D
lstrcatA.KERNEL32(?,00428E54), ref: 00408C7B
lstrcatA.KERNEL32(?,00000000), ref: 00408CBD
lstrcatA.KERNEL32(?,00428E48), ref: 00408CD6
lstrlenA.KERNEL32(?), ref: 00408D14
lstrlenA.KERNEL32(?), ref: 00408D22
memset.MSVCRT ref: 00408D6D

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

DeleteFileA.KERNELBASE(00000000), ref: 00408D92

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessmemset
String ID:
API String ID: 1498849721-0
Opcode ID: 9e96b593e49dfbaf82baf5f3f7b14edd2bd44551348f714d62c2555fbf218532
Instruction ID: 75b67620860664da6d1f04eed94d7d10b36c4f27a8908ca0f5e9c5d632b00ffa
Opcode Fuzzy Hash: 9e96b593e49dfbaf82baf5f3f7b14edd2bd44551348f714d62c2555fbf218532
Instruction Fuzzy Hash: 02021D71900109AADB05FBA1ED56EEE7779EF11309F50406AF216B10F1EF395A88CB68

Function 0042095B Relevance: 28.6, APIs: 14, Strings: 2, Instructions: 617
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

T, xrefs: 00420CE3
U, xrefs: 00420CDC

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID: T$U
API String ID: 0-2115836835
Opcode ID: 99600ca26cd40479c24d6afcf87e3701920162de9db507c3cec10010fcb97d47
Instruction ID: 4e7ab3bbaac243ee1ce136935939dafd3e3fd9ddb02e4ea4b8407d5d40478ec4
Opcode Fuzzy Hash: 99600ca26cd40479c24d6afcf87e3701920162de9db507c3cec10010fcb97d47
Instruction Fuzzy Hash: 626218B4A042A9CFDB20CF54D884BE9B7B4AF14305F5440DBEA09A7252D7389E89CF59

Function 004043FA Relevance: 28.5, APIs: 12, Strings: 4, Instructions: 451
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404492
StrCmpCA.SHLWAPI(?), ref: 004044B2
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040462C
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00404682
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004046BA

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00425200,00000000,?,?,00000000,?,",00000000,?,build_id), ref: 0040497C
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404998
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004049AB
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004049D5
InternetCloseHandle.WININET(00000000), ref: 00404A38
InternetCloseHandle.WININET(00000000), ref: 00404A4F
InternetCloseHandle.WININET(00000000), ref: 00404A58

Strings

", xrefs: 00404788, 004048C7
build_id, xrefs: 0040489F
------, xrefs: 00404534, 004046C0, 004047FF
hwid, xrefs: 00404760

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
String ID: "$------$build_id$hwid
API String ID: 3006978581-50533134
Opcode ID: cceb3a196459d883b403675918582489495ab2fed22875715751cb834377af79
Instruction ID: 067cb1f7702ceabbac9578a1173a021fc80b9e748851ef74f8b32e742b117f95
Opcode Fuzzy Hash: cceb3a196459d883b403675918582489495ab2fed22875715751cb834377af79
Instruction Fuzzy Hash: 22124E71900218AADB15EBA1DD92FDEB379BF15305F5000AAF216B21E1DF386B88CF54

Function 004127AF Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 172
memorycomtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000,?,00428FE4), ref: 004127D9
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,00428E48,00000000,?), ref: 004127F1
CoCreateInstance.OLE32(0042AE78,00000000,00000001,0042ADA8,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ), ref: 0041280D
CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,00428E48,00000000,?,00000000), ref: 00412855
VariantInit.OLEAUT32(?), ref: 004128C1
FileTimeToSystemTime.KERNEL32(?,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000), ref: 004128FA
GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000), ref: 00412907
HeapAlloc.KERNEL32(00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000), ref: 0041290E
wsprintfA.USER32 ref: 0041293D
VariantClear.OLEAUT32(?), ref: 00412955

Strings

InstallDate, xrefs: 004128D1
WQL, xrefs: 00412871
ROOT\CIMV2, xrefs: 00412817
Select * From Win32_OperatingSystem, xrefs: 0041285F
%d/%d/%d %d:%d:%d, xrefs: 00412935
Unknown, xrefs: 0041296A, 0041297E, 004129A0

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: HeapInitializeTimeVariant$AllocBlanketClearCreateFileInitInstanceProcessProxySecuritySystemwsprintf
String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$WQL
API String ID: 1977436990-271508173
Opcode ID: ba33cfd2da918b761e9130eb7da6f96fb9872cbbfcfe80a5cabb4ca5af105773
Instruction ID: b87b7ae96d8d1a7714e06012ec36ed585f0f60198b44980e8310200412a3d949
Opcode Fuzzy Hash: ba33cfd2da918b761e9130eb7da6f96fb9872cbbfcfe80a5cabb4ca5af105773
Instruction Fuzzy Hash: B561F671A40218BFDB10DB94DD46FEDBBB8BB08B11F604116F611FA1D0C7B8A991CB69

Function 00404239 Relevance: 27.1, APIs: 12, Strings: 6, Instructions: 73memorystringCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNELBASE(00000040,?,?,?,?,?,0040234D,004257D0,AVAI4Z1EK55HX1Z,0000000F,?,0041A87E), ref: 00404246
wcslen.MSVCRT ref: 00404272
wcslen.MSVCRT ref: 0040427D
wcslen.MSVCRT ref: 00404288
wcslen.MSVCRT ref: 00404293
strlen.MSVCRT ref: 004042A5
wcslen.MSVCRT ref: 004042CA
wcslen.MSVCRT ref: 004042D5
wcslen.MSVCRT ref: 004042E2
wcslen.MSVCRT ref: 004042ED
wcslen.MSVCRT ref: 004042F8
wcslen.MSVCRT ref: 00404303

Strings

Ici Radio-Canada Tl (stylized as ICI Radio-Canada Tl, and sometimes abbreviated as Ici Tl) is a Canadian French-language fre, xrefs: 0040428E, 004042FE
Organ perforation is a complete penetration of the wall of a hollow organ in the body, such as the gastrointestinal tract in the c, xrefs: 00404278, 004042E8
Chrysorabdia bivitta is a moth of the subfamily Arctiinae first described by Francis Walker in 1856., xrefs: 0040426D, 004042DD
The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 004042C5
GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 004042D0
Niedert is an Ortsgemeinde , xrefs: 00404283, 004042F3

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: wcslen$AllocLocalstrlen
String ID: Chrysorabdia bivitta is a moth of the subfamily Arctiinae first described by Francis Walker in 1856.$GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$Ici Radio-Canada Tl (stylized as ICI Radio-Canada Tl, and sometimes abbreviated as Ici Tl) is a Canadian French-language fre$Niedert is an Ortsgemeinde $Organ perforation is a complete penetration of the wall of a hollow organ in the body, such as the gastrointestinal tract in the c$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser
API String ID: 224765317-2971033767
Opcode ID: b2908c616810051979d5b7c1935cb1d71aeefb77bac9279ab48edbe17b9693c0
Instruction ID: 15c8a1cfb45bc9c132fd9fd4faededd5fc4f4c62c30039555f1f88a1b54c1e58
Opcode Fuzzy Hash: b2908c616810051979d5b7c1935cb1d71aeefb77bac9279ab48edbe17b9693c0
Instruction Fuzzy Hash: 9A213071785268AFDB04EBE9F8C7B5CBBE4EFD4714FA0006FF40496191DEB869408619

Function 00404AD5 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 197networkmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404B22
RtlAllocateHeap.NTDLL(00000000), ref: 00404B29
InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404B54
StrCmpCA.SHLWAPI(?), ref: 00404B6D
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404BA1
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 00404C00
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00404C38
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404C49
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00404C74
InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00404D05
InternetCloseHandle.WININET(00000000), ref: 00404D9B
InternetCloseHandle.WININET(00000000), ref: 00404DA7
InternetCloseHandle.WININET(00000000), ref: 00404DC5

Strings

GET, xrefs: 00404BF5

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
String ID: GET
API String ID: 442264750-1805413626
Opcode ID: f16c31e6c77223db1b221cad6f523a7c8a9ce9fa98b564ab69779ee6bb960051
Instruction ID: d037288fe89579f4ab5843d1a5928f681561e61fb867290b5a494df79b11f7d7
Opcode Fuzzy Hash: f16c31e6c77223db1b221cad6f523a7c8a9ce9fa98b564ab69779ee6bb960051
Instruction Fuzzy Hash: 769115B4900228AFDF20DF50DC45BEEB7B5BB45306F1040EAE609B6291DB796AC4DF49

Function 0041218B Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 164registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

RegOpenKeyExA.KERNELBASE(00000000,00000000,00020019,00000000,00425200), ref: 004121DE
RegEnumKeyExA.KERNELBASE(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00412259
wsprintfA.USER32 ref: 0041228B
RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00020019,00000000), ref: 004122AC
RegCloseKey.ADVAPI32(00000000), ref: 004122BC
RegCloseKey.ADVAPI32(00000000), ref: 004122C8

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Strings

?, xrefs: 004121B9
%s\%s, xrefs: 0041227F
- , xrefs: 004123D0

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: db84e063afdd8ab9a369cff0a91b897787bc4edace59e265c4489125e3bbefbc
Instruction ID: 317e1264205bd673c815d3a78023c7176152d2c53d3ea0851a7731e254f809d5
Opcode Fuzzy Hash: db84e063afdd8ab9a369cff0a91b897787bc4edace59e265c4489125e3bbefbc
Instruction Fuzzy Hash: 1C71F47290012CABEB64EB50DD45FD973B9BF04305F5086EAE209A20A1DF746BC9CF94

Function 00406312 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 184networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00406373
StrCmpCA.SHLWAPI(?), ref: 00406390
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004063BE
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 0040640A
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00406442
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406453
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040647E
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064F3
InternetCloseHandle.WININET(00000000), ref: 0040657C
InternetCloseHandle.WININET(00000000), ref: 00406585
InternetCloseHandle.WININET(00000000), ref: 0040658E

Strings

GET, xrefs: 00406402
ERROR, xrefs: 00406488, 0040654F

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$GET
API String ID: 3749127164-3591763792
Opcode ID: 963ac1e056751af433d780a8216807e69140fad55e256c3b4c315ddae2ff65c2
Instruction ID: 51cd531d8c454c4eabdc451ce72ca3cccbe2bef7883915b0542a7032e80e54d3
Opcode Fuzzy Hash: 963ac1e056751af433d780a8216807e69140fad55e256c3b4c315ddae2ff65c2
Instruction Fuzzy Hash: 9E710871900218EFDF21EFA0DC45BDD7B75AB05305F6040AAF606BA1E0DBB96A94CF49

Function 00418167 Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 749COMMON

Download Yara Rule

APIs

Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004182BD
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418321

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 00417E48: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00417E8B

Part of subcall function 00417F35: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00417F96
Part of subcall function 00417F35: lstrlenA.KERNEL32(00000000), ref: 00417FAD
Part of subcall function 00417F35: StrStrA.SHLWAPI(00000000,00000000), ref: 00417FDD
Part of subcall function 00417F35: lstrlenA.KERNEL32(00000000), ref: 00417FF9
Part of subcall function 00417F35: lstrlenA.KERNEL32(00000000), ref: 0041801F

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041840E
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418519
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00418606
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418711
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004187FE
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418909
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418B01

Strings

ERROR, xrefs: 004182AF, 00418313, 00418400, 0041850B, 004185F8, 00418703, 004187F0, 004188FB, 004189E8, 00418AF3

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: ERROR
API String ID: 2001356338-2861137601
Opcode ID: 601a58bd0b0876066a53ea39e9bf7ef070bc13c226733b0f19d5a4e6bce83ed6
Instruction ID: 2f695ca300a8a73312befe9c8800e9116e76318d555d5372ca32ba18f7f60556
Opcode Fuzzy Hash: 601a58bd0b0876066a53ea39e9bf7ef070bc13c226733b0f19d5a4e6bce83ed6
Instruction Fuzzy Hash: 2D4232719001085ACB14FBF1ED5B9EE7378AF10305F90416FF516A61E2EF7C9A88CA99

Function 00411948 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 116memorystringCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00411964
GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004119A1
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411A18
HeapAlloc.KERNEL32(00000000), ref: 00411A1F
wsprintfA.USER32 ref: 00411A54
lstrcatA.KERNEL32(00000000,00429270), ref: 00411A65

Part of subcall function 00412667: GetCurrentHwProfileA.ADVAPI32(?), ref: 00412674

lstrlenA.KERNEL32(00000000), ref: 00411A7E

Part of subcall function 004136CE: malloc.MSVCRT ref: 004136D5
Part of subcall function 004136CE: strncpy.MSVCRT ref: 004136EB

lstrcatA.KERNEL32(00000000,00000000), ref: 00411AAC

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Strings

\, xrefs: 00411982
:, xrefs: 0041197E
C, xrefs: 0041196E

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
String ID: :$C$\
API String ID: 2389002695-3809124531
Opcode ID: 23f1d57f010f06b3a3b0b73a3a18805c0e588e37821cf8b5f81c9e51efc94560
Instruction ID: b4310f208fa9535f9906633d23b413fd942b8933ce9b069d1c57af1ba558f1c2
Opcode Fuzzy Hash: 23f1d57f010f06b3a3b0b73a3a18805c0e588e37821cf8b5f81c9e51efc94560
Instruction Fuzzy Hash: EC417E71D0024CAFDF10EBA0DD59BED7BB8AF05305F10009AF219A61A1DB799BC4CB68

Function 0040613F Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 130networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004061A8
StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,?), ref: 004061E6
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00406229
CreateFileA.KERNELBASE(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?), ref: 0040624D
InternetReadFile.WININET(8cA,?,00000400,?), ref: 00406271
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?), ref: 0040629D
CloseHandle.KERNEL32(?,?,00000400,?,?,?,?,?,?,?), ref: 004062DB
InternetCloseHandle.WININET(8cA), ref: 004062E4
InternetCloseHandle.WININET(?), ref: 004062F0

Strings

8cA, xrefs: 004062E1, 0040626E

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID: 8cA
API String ID: 2507841554-2586977368
Opcode ID: 23bbd80859a5ae626456c0e29d0c535548952ba2e1dd46435b22cc47d41a132e
Instruction ID: 322e9e665ac9740ae3a6c79426317fb00e7d6d1b0345a24b3972b26df0cd3c85
Opcode Fuzzy Hash: 23bbd80859a5ae626456c0e29d0c535548952ba2e1dd46435b22cc47d41a132e
Instruction Fuzzy Hash: BC515CB190021CABDF20EF60DC45BED7779FB01305F1050AAE616BA1E1DB786A99CF58

Function 0040F99F Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 360COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040F9EF
StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FA75
StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FB84

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

StrCmpCA.SHLWAPI(00000000), ref: 0040FC57
StrCmpCA.SHLWAPI(00000000), ref: 0040FCDD

Strings

firefox, xrefs: 0040FDE2
Stable\, xrefs: 0040FA90, 0040FCF8

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: Stable\$firefox
API String ID: 3722407311-3160656979
Opcode ID: 4574c3fe41a2655a61f88f0eef0b3d3de2eb2ac0277edcd828de38c39bfa1635
Instruction ID: 87d147e04e3a24980a39275aa9b0abb6dd5f2e96552c08bd51d602dc9e077d04
Opcode Fuzzy Hash: 4574c3fe41a2655a61f88f0eef0b3d3de2eb2ac0277edcd828de38c39bfa1635
Instruction Fuzzy Hash: 18D16772A001099BCF24FBB5DD96FDD77B9BB50304F10402AE906EB1A1EE35DA48C795

Function 00412081 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000,?,00428FE4,00000000,?,Work Dir: In memory), ref: 0041208E
HeapAlloc.KERNEL32(00000000), ref: 00412095
GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 004120B6
__aulldiv.LIBCMT ref: 004120CE
__aulldiv.LIBCMT ref: 004120DC
wsprintfA.USER32 ref: 004120FF

Strings

%d MB, xrefs: 004120F7
@, xrefs: 004120AB

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: e44640eb945edcdb330fccb508c3ea3b329ff7572ab2c3ac08101b3669067511
Instruction ID: da943534dc948d73dd967abc6d37c718adf03b454bdf056c0f5a7879574b1967
Opcode Fuzzy Hash: e44640eb945edcdb330fccb508c3ea3b329ff7572ab2c3ac08101b3669067511
Instruction Fuzzy Hash: 71015EB0E40218BFEF00AFE0DC0ABADBBB9FB05749F104409F314B9090C7B866519B58

Function 0040430F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 70stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00404373
??_U@YAPAXI@Z.MSVCRT ref: 00404387
??_U@YAPAXI@Z.MSVCRT ref: 0040439B
lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9

Strings

<, xrefs: 0040435B
<, xrefs: 0040431A

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <$<
API String ID: 1274457161-213342407
Opcode ID: 94d81e5e955a971915de60a229a9877af64f0f003ab4a34939c35b93bd59b886
Instruction ID: 01f5d62e614e23a6b162f059a70a9e0953d43a02f97c16b9683ed6508c4b1ff7
Opcode Fuzzy Hash: 94d81e5e955a971915de60a229a9877af64f0f003ab4a34939c35b93bd59b886
Instruction Fuzzy Hash: 48214771D00218AFDB10DFA9E881BCDBBB4BB04324F10815AE669F72A0DB345A85CF10

Function 004125CA Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004125F2
RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 00412612
RegQueryValueExA.KERNELBASE(?,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00412639
RegCloseKey.ADVAPI32(?), ref: 00412645
CharToOemA.USER32(00000000,?), ref: 00412659

Strings

MachineGuid, xrefs: 0041262E
SOFTWARE\Microsoft\Cryptography, xrefs: 00412608

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CharCloseOpenQueryValuememset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2391366103-1211650757
Opcode ID: 195b74b0a96cc35dac2f772ac61cfb819d8275be74710b7e5bc2e41235a95a6e
Instruction ID: 19f088c07c09de6674c761c0d1b751acc79a05fefe0ca058460f00b60f9401a7
Opcode Fuzzy Hash: 195b74b0a96cc35dac2f772ac61cfb819d8275be74710b7e5bc2e41235a95a6e
Instruction Fuzzy Hash: 1B016275A4022DBBDB209B50DD4AFDA777CEB14704F5001E1B688F6091DBF46AC48F54

Function 00417F35 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 138stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 00406312: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00406373
Part of subcall function 00406312: StrCmpCA.SHLWAPI(?), ref: 00406390
Part of subcall function 00406312: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004063BE
Part of subcall function 00406312: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 0040640A
Part of subcall function 00406312: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00406442
Part of subcall function 00406312: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406453

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00417F96
lstrlenA.KERNEL32(00000000), ref: 00417FAD

Part of subcall function 00412FD6: LocalAlloc.KERNELBASE(00000040,00000001), ref: 00412FF2

StrStrA.SHLWAPI(00000000,00000000), ref: 00417FDD
lstrlenA.KERNEL32(00000000), ref: 00417FF9
lstrlenA.KERNEL32(00000000), ref: 0041801F

Strings

ERROR, xrefs: 00417F88, 0041802A, 0041809C, 004180D6, 0041810D

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR
API String ID: 3240024479-2861137601
Opcode ID: e56dbd6892063ce075c71f30584f65b6369d35785078b77fb4a32cfd08f74c49
Instruction ID: 82a00ccf74cc6928f093117e63f16261f372f6c033bbdc91f1bb176def9d3ff2
Opcode Fuzzy Hash: e56dbd6892063ce075c71f30584f65b6369d35785078b77fb4a32cfd08f74c49
Instruction Fuzzy Hash: 24511A71910108ABCB04FFA1D956AED7774BF11309F60402EF916A61F2DF39AA89CA48

Function 00412213 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 52registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNELBASE(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00412259
wsprintfA.USER32 ref: 0041228B
RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00020019,00000000), ref: 004122AC
RegCloseKey.ADVAPI32(00000000), ref: 004122BC
RegCloseKey.ADVAPI32(00000000), ref: 004122C8

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

RegQueryValueExA.KERNELBASE(00000000,00000000,000F003F,?,00000400), ref: 0041231A
lstrlenA.KERNEL32(?), ref: 0041232F
RegQueryValueExA.KERNELBASE(00000000,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00428E48), ref: 004123C6
RegCloseKey.ADVAPI32(00000000), ref: 00412434
RegCloseKey.ADVAPI32(00000000), ref: 00412445

Strings

%s\%s, xrefs: 0041227F

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: c05b9aeffa2524c3aa9bcda23acaed7832a6b4e564aa8b15d5e8c89861718145
Instruction ID: d7cee1983acf12d4360d724bf4cc3a4c29cf8c0d886bd7a19f0679c37ebee969
Opcode Fuzzy Hash: c05b9aeffa2524c3aa9bcda23acaed7832a6b4e564aa8b15d5e8c89861718145
Instruction Fuzzy Hash: 1721F27590012CAFEB609B50DD45BD9B7B9FF08304F4094E5E649A60A0CF749AD98F94

Function 00411ADD Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411AF1
HeapAlloc.KERNEL32(00000000), ref: 00411AF8
RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00000000), ref: 00411B29
RegQueryValueExA.KERNELBASE(00000000,00000000,00000000,?,000000FF), ref: 00411B47
RegCloseKey.ADVAPI32(00000000), ref: 00411B50

Strings

Windows 11, xrefs: 00411B0A

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: 346f3f4664875a4ea084d75b8818ec132410f9d5b334d0546c756ba2ab9ffa29
Instruction ID: 3f27d459ef3b4295677ace20887899c1ffae7c715c4ca525cf07eb428eb26eef
Opcode Fuzzy Hash: 346f3f4664875a4ea084d75b8818ec132410f9d5b334d0546c756ba2ab9ffa29
Instruction Fuzzy Hash: 84013C34A44208FBEB10ABE0EC0AB9D7B7AFB06744F1050A5F701AA1A1E7749A94DB14

Function 00411B5B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411B6F
HeapAlloc.KERNEL32(00000000), ref: 00411B76
RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00411B06), ref: 00411B95
RegQueryValueExA.KERNELBASE(00411B06,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 00411BB2
RegCloseKey.ADVAPI32(00411B06), ref: 00411BBB

Strings

CurrentBuildNumber, xrefs: 00411BAA

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: 6763c454cfa2fbe29bba7aff6e2c919a48f957ef8388f20bd06a009583ecdfc3
Instruction ID: 29d7a5e80dbd030fd5711505aedc04f660bf528dc6b38352957baa02463c1007
Opcode Fuzzy Hash: 6763c454cfa2fbe29bba7aff6e2c919a48f957ef8388f20bd06a009583ecdfc3
Instruction Fuzzy Hash: 42F04F75A40209FFEB00AFE0EC0AFEDBBB9FB05704F101095F200A90A1D7B05690DB54

Function 00407CDF Relevance: 9.1, APIs: 6, Instructions: 74filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00407D05
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
LocalAlloc.KERNELBASE(00000040,?), ref: 00407D48
ReadFile.KERNELBASE(000000FF,00000000,?,0040F582,00000000), ref: 00407D6E
LocalFree.KERNEL32(00000000), ref: 00407DA0
CloseHandle.KERNEL32(000000FF), ref: 00407DA9

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: b0c26b6f574b650b3bbe433578a167a4ae74d057130e38fdececdba59a5ca05d
Instruction ID: 20c10e672a0f3402bfbef9d3d1be989891e350540804f4a5b6ad44830b3c41ef
Opcode Fuzzy Hash: b0c26b6f574b650b3bbe433578a167a4ae74d057130e38fdececdba59a5ca05d
Instruction Fuzzy Hash: 6C31F174E00209EFDF11DFA4D849BEE7BB5BF0A301F104065E911AB2A0D778AA91CF55

Function 0041FD2C Relevance: 7.6, APIs: 5, Instructions: 146COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0041FD9F

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 28e4449246bdff4538dfa03a6f885fd424cd5e53fb953e1d424f3e4a8a48cfb0
Instruction ID: 5f3c8af357893ed153ccb181933e0c92fd25f58187f5847643f7a6c701f82d74
Opcode Fuzzy Hash: 28e4449246bdff4538dfa03a6f885fd424cd5e53fb953e1d424f3e4a8a48cfb0
Instruction Fuzzy Hash: D561CE70A00209DFDB10CF54D948BAEB7F1BB04725F258166E515AB391C3B4DE86CB6A

Function 00407F8E Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Part of subcall function 00407CDF: CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00407D05
Part of subcall function 00407CDF: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
Part of subcall function 00407CDF: LocalAlloc.KERNELBASE(00000040,?), ref: 00407D48
Part of subcall function 00407CDF: ReadFile.KERNELBASE(000000FF,00000000,?,0040F582,00000000), ref: 00407D6E
Part of subcall function 00407CDF: LocalFree.KERNEL32(00000000), ref: 00407DA0
Part of subcall function 00407CDF: CloseHandle.KERNEL32(000000FF), ref: 00407DA9

Part of subcall function 00412FD6: LocalAlloc.KERNELBASE(00000040,00000001), ref: 00412FF2

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00407FDF

Part of subcall function 00407DC2: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00406095,00000000,00000000), ref: 00407DE6
Part of subcall function 00407DC2: LocalAlloc.KERNEL32(00000040,00406095,?,?,00406095,00000000,?), ref: 00407DF7
Part of subcall function 00407DC2: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00406095,00000000,00000000), ref: 00407E1D
Part of subcall function 00407DC2: LocalFree.KERNEL32(00000000,?,?,00406095,00000000,?), ref: 00407E31

memcmp.MSVCRT ref: 00408034

Part of subcall function 00407E41: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407E65
Part of subcall function 00407E41: LocalAlloc.KERNEL32(00000040,00000000), ref: 00407E83
Part of subcall function 00407E41: LocalFree.KERNEL32(?), ref: 00407EAB

Strings

, xrefs: 00408062
DPAPI, xrefs: 0040802C
"encrypted_key":", xrefs: 00407FD7

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
String ID: $"encrypted_key":"$DPAPI
API String ID: 1204593910-738592651
Opcode ID: cb5a7b3697549c6f230e63b8f069386ffd445f3a9418a1f9903da71664ec03a3
Instruction ID: 8d589a117900b415cc4759a7c5c28772ff61d9ce457947e60a2fc3858aeb04fe
Opcode Fuzzy Hash: cb5a7b3697549c6f230e63b8f069386ffd445f3a9418a1f9903da71664ec03a3
Instruction Fuzzy Hash: 74310E71D0010DABDF11DBA5DD45BEEBBB8AF04304F14012AE840B2291EB799A58DB99

Function 004126A3 Relevance: 7.6, APIs: 5, Instructions: 84commemoryCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0042AC28,00000000,00000001,004292EC,00000000,?,?,?,?,004128EF), ref: 004126EA
SysAllocString.OLEAUT32(?), ref: 00412700
_wtoi64.MSVCRT ref: 0041274D
SysFreeString.OLEAUT32(?), ref: 00412771
SysFreeString.OLEAUT32(00000000), ref: 0041277A

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: String$Free$AllocCreateInstance_wtoi64
String ID:
API String ID: 1817501562-0
Opcode ID: f48b06c7123509e446c0da83949f76becdf3deb21f21affda6d357694f029a8c
Instruction ID: 58adf380e0662d1b76d21edb75c8d821cdd3313fccb4f2387b68fcf25dfbec8a
Opcode Fuzzy Hash: f48b06c7123509e446c0da83949f76becdf3deb21f21affda6d357694f029a8c
Instruction Fuzzy Hash: 2E310575E04219EFCB05DFA9D849BEEBBB4FB08315F00416AE911E32A0C7795951CFA4

Function 00411EB5 Relevance: 7.5, APIs: 5, Instructions: 32registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00411EC9
HeapAlloc.KERNEL32(00000000), ref: 00411ED0
RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00000000), ref: 00411EEF
RegQueryValueExA.KERNELBASE(00000000,00000000,00000000,000000FF,000000FF), ref: 00411F0D
RegCloseKey.ADVAPI32(00000000), ref: 00411F16

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: dd008c8d00355dc8994383d20b0c3b1a5372c3a3245a183f1dace59f39d50ce9
Instruction ID: 2ba135963ef3e1c949db86b07d2e2a79437377d0b90cfecc595d9e25d7200812
Opcode Fuzzy Hash: dd008c8d00355dc8994383d20b0c3b1a5372c3a3245a183f1dace59f39d50ce9
Instruction Fuzzy Hash: C2F03A79A40208FFEB10AFE0EC0AF9DBBBAFB06745F105064F701A91A0D77156949F40

Function 0040F9BD Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040F9EF
StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FA75
StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FB84

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

StrCmpCA.SHLWAPI(00000000), ref: 0040FC57
StrCmpCA.SHLWAPI(00000000), ref: 0040FCDD

Strings

Stable\, xrefs: 0040FA90

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: Stable\
API String ID: 3722407311-272486606
Opcode ID: b1a1266439bdf2a0e8ec9dc9193cdc2636f5054d60504534493cfb04d58e2737
Instruction ID: 7cd2c182165b9fee31fd49b72ff1b8ad9c7a36b01791bf89c52de0b726780448
Opcode Fuzzy Hash: b1a1266439bdf2a0e8ec9dc9193cdc2636f5054d60504534493cfb04d58e2737
Instruction Fuzzy Hash: CD511271A00109ABCF14FBB5DD96BDD77B9BB60304F10402AE906EB1A1EE35DB49CB85

Function 21FDFD40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,?,?,?,?), ref: 21FDFE03

Strings

winRead, xrefs: 21FDFE3D
delayed %dms for lock/sharing conflict at line %d, xrefs: 21FDFE78

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: FileRead
String ID: delayed %dms for lock/sharing conflict at line %d$winRead
API String ID: 2738559852-1843600136
Opcode ID: ffdd1d66e379a6477627dbcf40d698e7a2d20228e1085873ffa4d59de6724c52
Instruction ID: e48e159afa57dae7d87f0972167f8a9b2950af51b2d964119ddc8286b4369653
Opcode Fuzzy Hash: ffdd1d66e379a6477627dbcf40d698e7a2d20228e1085873ffa4d59de6724c52
Instruction Fuzzy Hash: 6A41E3B3604305AFC304DF64CD84D7BB7AAFF84710F89092DF96482641D776E9198BA2

Function 00408203 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNELBASE(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 00408220
LoadLibraryA.KERNELBASE ref: 004082A8

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,00428E34,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00425200), ref: 00408294

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00408215, 00408229, 0040823F

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: 33191907c34fe30b91932b9d02352948c94fa74ece7802ec8efd6249ff31ed7f
Instruction ID: 84292c169819be5b53b0aa043c90a357ac7ef937680942749e622d56a9f64c6e
Opcode Fuzzy Hash: 33191907c34fe30b91932b9d02352948c94fa74ece7802ec8efd6249ff31ed7f
Instruction Fuzzy Hash: 91413931905245DFEB05EBA1FD66AE937B6FB04305F20612EE901A12F1DF395988CF98

Function 004073D6 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(;q@,;q@,00003000,00000040), ref: 00407474
VirtualAlloc.KERNELBASE(00000000,;q@,00003000,00000040), ref: 004074BF

Strings

;q@, xrefs: 00407466, 00407470, 004074B9, 004074D7, 0040742C, 00407469, 00407473, 004074BC
;q@, xrefs: 004073DC

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: ;q@$;q@
API String ID: 4275171209-3893597124
Opcode ID: ce50d067a10a9d200ba21eaef60b552f8d4fc485bf38c75f1e0756368e75d6fe
Instruction ID: d3bad8f71399132065eca503ffa06903ce5ef1b7e5e995e1b9bcc650a41b767e
Opcode Fuzzy Hash: ce50d067a10a9d200ba21eaef60b552f8d4fc485bf38c75f1e0756368e75d6fe
Instruction Fuzzy Hash: D941B535A04209EFCB50CF98C485FADBBF0EB08364F1484A5E959EB391D734EA81CB45

Function 00418DB9 Relevance: 6.1, APIs: 4, Instructions: 85synchronizationthreadCOMMON

Download Yara Rule

APIs

_MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
CreateThread.KERNELBASE(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CreateObjectOpenSingleThreadWait
String ID:
API String ID: 4234577939-0
Opcode ID: f43b621d675ccc337efc39be0cc282dc91ce5b12264d272aea3fd1cbd3d3afdf
Instruction ID: 4c5e3d0133d6e9f2eae60e2625ec9d3b543f1cf41f80d31bea27500df29b833e
Opcode Fuzzy Hash: f43b621d675ccc337efc39be0cc282dc91ce5b12264d272aea3fd1cbd3d3afdf
Instruction Fuzzy Hash: 4F315C75900208AFDB10EF61DC45BED3BB5BF15305F54412AF9159A1A1EF349A86CF88

Function 004070D4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

ez@, xrefs: 004072B1

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID: ez@
API String ID: 0-307298357
Opcode ID: 3bbf64017ccec70b43ef0a4a85a6baf18d8732ef2f27285e686f093308f930eb
Instruction ID: a860d7bb49b00275ae4f9f6a4a51eaec01057512aeaaa0d5d6857e8719e4b74b
Opcode Fuzzy Hash: 3bbf64017ccec70b43ef0a4a85a6baf18d8732ef2f27285e686f093308f930eb
Instruction Fuzzy Hash: FA61D270C08209EFCF14DF94D948BEEB7B0AB04315F2044AAE405B7291D779AE94DF6A

Function 00418C65 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000), ref: 00418C99
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00418D4B

Strings

ERROR, xrefs: 00418D3D

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen
String ID: ERROR
API String ID: 1659193697-2861137601
Opcode ID: 63e6eed9abdabe16e44a68f7f9864da067214aca1ca454f7c695c55e2f80d023
Instruction ID: 4cb9426ee5e73f282c12afd8d592c338adc4812851f741afb7acd22160182d69
Opcode Fuzzy Hash: 63e6eed9abdabe16e44a68f7f9864da067214aca1ca454f7c695c55e2f80d023
Instruction Fuzzy Hash: 6B3184B1E10204ABCF00EBA5DD46AEE7778FB15318F10051AF502E73A1DB389940CBA9

Function 00418E9E Relevance: 4.5, APIs: 3, Instructions: 45sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

_MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
CreateThread.KERNELBASE(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96
Sleep.KERNEL32(000003E8,?,00000000,?,?), ref: 00418EA5

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CreateObjectOpenSingleSleepThreadWait
String ID:
API String ID: 1990444757-0
Opcode ID: db982492dfe86fd64df0525366e688e2b4b5a29edeeaa01de3fa1648289cf0de
Instruction ID: 5657c23587d86dbe871ff5d5566c82c5f00d4f8eb17df63da99cc315ca23b86c
Opcode Fuzzy Hash: db982492dfe86fd64df0525366e688e2b4b5a29edeeaa01de3fa1648289cf0de
Instruction Fuzzy Hash: 52011774640204EBDB21EF21DC46BEC3B65BB11709F54412AF9169A1B1DB399A82CF89

Function 00413563 Relevance: 4.5, APIs: 3, Instructions: 25COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,004154AA), ref: 00413576
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00413596
CloseHandle.KERNEL32(00000000), ref: 0041359F

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 424327ca4c3cbaa72694fe0256f2ae6f23efaf6e2f470c7a486978a51854163c
Instruction ID: 648301d2c24216510959a40647cebe15a857575c5a4660e0673f59272e1cdbeb
Opcode Fuzzy Hash: 424327ca4c3cbaa72694fe0256f2ae6f23efaf6e2f470c7a486978a51854163c
Instruction Fuzzy Hash: 68F0F27890120CFFDB11EFA0DC0AFDC7BB9AB09709F1444A5B615AA1A0D7B1ABD4DB44

Function 0040D1C6 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 379COMMON

Download Yara Rule

APIs

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

StrCmpCA.SHLWAPI(00000000,Opera GX,00425200,00425200,?,?), ref: 0040D201

Part of subcall function 00412F92: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC

Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A

Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3

Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 00412F4C: GetFileAttributesA.KERNELBASE(00000000,?,0040E526,?,00425200,?,?), ref: 00412F5B

Part of subcall function 00407F8E: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00407FDF
Part of subcall function 00407F8E: memcmp.MSVCRT ref: 00408034

Strings

Opera GX, xrefs: 0040D1F3

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
String ID: Opera GX
API String ID: 1439182418-3280151751
Opcode ID: 0fb77b7b81ea3809c0307192b11be850f65fcb2790e200c338288ed7b6fd4c59
Instruction ID: fb3989cb2523bfc062273a9d11041c6471dda5227b0977fe00502919fff50608
Opcode Fuzzy Hash: 0fb77b7b81ea3809c0307192b11be850f65fcb2790e200c338288ed7b6fd4c59
Instruction Fuzzy Hash: 4BD113729001089ADF14FBF1DD56EEE737CAF14305F50412BF616A21E1EE39AB88CA59

Function 00407902 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(00EBE9FC,458B0874,00000002,00000002), ref: 004079D0

Strings

@, xrefs: 004079AC

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: 287ad8346a7fe6e5c9c93bd88e2f49757a3d10b5b68bd008e028ca123d1bf971
Instruction ID: 108c03afaf6488205a77675aa431fcd5872e35c29fe2ccaab908e516a6f44892
Opcode Fuzzy Hash: 287ad8346a7fe6e5c9c93bd88e2f49757a3d10b5b68bd008e028ca123d1bf971
Instruction Fuzzy Hash: 2D31CBB5D08209EFEB10CF98C545BADBBF1FB04304F1485A6D455AB391D378AA81DF46

Function 00417E48 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4

Part of subcall function 00406312: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00406373
Part of subcall function 00406312: StrCmpCA.SHLWAPI(?), ref: 00406390
Part of subcall function 00406312: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004063BE
Part of subcall function 00406312: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 0040640A
Part of subcall function 00406312: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00406442
Part of subcall function 00406312: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406453

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00417E8B

Strings

ERROR, xrefs: 00417E7D, 00417EDB

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR
API String ID: 3287882509-2861137601
Opcode ID: bb33d87117d8667f9c5c7158566ed321b33361f7c494144e9eddfb2cb9a39704
Instruction ID: b6725acd924a18acdeaf76a85a33531c260c99ef83c6fe063ac976ef0ea738d9
Opcode Fuzzy Hash: bb33d87117d8667f9c5c7158566ed321b33361f7c494144e9eddfb2cb9a39704
Instruction Fuzzy Hash: 4B11D0319101089BCB14FFA2E8569DD7378AF50309F50412EF916971F2EF39AB48C788

Function 00412F4C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000,?,0040E526,?,00425200,?,?), ref: 00412F5B

Strings

&@, xrefs: 00412F52

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID: &@
API String ID: 3188754299-4010431647
Opcode ID: c554d616c374e849fdf741f0e5d4d7b9930fb9937f03e0365571ee75c380a818
Instruction ID: 5a9ed636e313f6a7dd176774e2c6308ea72efcd30315a16af32adb4bfda7ee87
Opcode Fuzzy Hash: c554d616c374e849fdf741f0e5d4d7b9930fb9937f03e0365571ee75c380a818
Instruction Fuzzy Hash: 4CF0C074C1020CEBCB00DFA5D5456DDB774AB11359F108156E522E72A0E7789B96DF44

Function 00412667 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 00412674

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Strings

Unknown, xrefs: 00412691

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CurrentProfilelstrcpy
String ID: Unknown
API String ID: 2831436455-1654365787
Opcode ID: 6f65f47d843f5c38b1e0a66190c485fb9fc1308ec2868120a4b7116f04a99c60
Instruction ID: 79ae12f52d30196ee2c5170817a78a3de43ea3cd72a751e4cea9930dc4e20eb0
Opcode Fuzzy Hash: 6f65f47d843f5c38b1e0a66190c485fb9fc1308ec2868120a4b7116f04a99c60
Instruction Fuzzy Hash: 0CE04F30600108EFCF10EF65D881EDD37ACBB04788F50402AF905D7190DB74E995CB98

Function 220004D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

failed to allocate %u bytes of memory, xrefs: 220004E7

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: failed to allocate %u bytes of memory
API String ID: 0-1168259600
Opcode ID: a140a7b89996f629095f0c3f49ccb390081f030caae55868b963bfde730cfe3c
Instruction ID: 59044aa2cd5d5af21f9fbcdb66fe37cfea8619fad2e6c99af4b55c0eec2f7603
Opcode Fuzzy Hash: a140a7b89996f629095f0c3f49ccb390081f030caae55868b963bfde730cfe3c
Instruction Fuzzy Hash: 63D02223ECC32327E2271190AC00FCB3E824B603A0F0A4030FD6C19230D9278A5083C2

Function 00412F92 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC

Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 47392e84d6d6294a81bee49d13ce944e3ea666f2a03f2c076f629e9461e68349
Instruction ID: aa325d3f94b7a9653be548765aa3873853a6de89a1716966dfff1a03a5bef2b1
Opcode Fuzzy Hash: 47392e84d6d6294a81bee49d13ce944e3ea666f2a03f2c076f629e9461e68349
Instruction Fuzzy Hash: 7DE04F3094034DBBDB51EF50CC92FCD376C9B04B05F404191B60CAA0D0DA70EB858B54

Function 00412FD6 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNELBASE(00000040,00000001), ref: 00412FF2

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 23ddd831960a07a4baf59c42516714ef093421010defdf0cacab57d0b5a2c2c6
Instruction ID: d6433807a1b8db94d6cb6db165d9c0c75de4d80c94e6a7adbc32009b6d90f099
Opcode Fuzzy Hash: 23ddd831960a07a4baf59c42516714ef093421010defdf0cacab57d0b5a2c2c6
Instruction Fuzzy Hash: 2F019274900208FFDB05CF98C585BED7FF4EB0931AF248089E505AB294C279AF84DB15

Function 00412B6B Relevance: 1.3, APIs: 1, Instructions: 10COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.MSVCRT ref: 00412B72

Memory Dump Source

Source File: 00000005.00000002.3250842957.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3250842957.0000000000439000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000043F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000445000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004A9000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004D1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000004DD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000502000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000050E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.000000000052D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000539000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.00000000005C8000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000641000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3250842957.0000000000643000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: e9ef69333db613a216edd2c8bf2b23955e04f01125ce089b17a326d4bede4d29
Instruction ID: 52e30e3b9de2c83f9cf9caa13978d237713c2858ae44fde087075dd4632ce1ce
Opcode Fuzzy Hash: e9ef69333db613a216edd2c8bf2b23955e04f01125ce089b17a326d4bede4d29
Instruction Fuzzy Hash: ABC04C70A1411DBB8B04EB59E94284DBBE89A04298B504069F40896151D671AE419658

Non-executed Functions

Function 220B4140 Relevance: 47.7, APIs: 14, Strings: 13, Instructions: 461COMMON

Download Yara Rule

Strings

SELECT nodeno FROM %Q.'%q_rowid' WHERE rowid=?1, xrefs: 220B4574
Found (%lld -> %lld) in %s table, expected (%lld -> %lld), xrefs: 220B4527, 220B4603
%_parent, xrefs: 220B44D4, 220B451E
Mapping (%lld -> %lld) missing from %s table, xrefs: 220B44E6, 220B45C2
SELECT parentnode FROM %Q.'%q_parent' WHERE nodeno=?1, xrefs: 220B4498
Dimension %d of cell %d on node %lld is corrupt relative to parent, xrefs: 220B444D
Rtree depth out of range (%d), xrefs: 220B428E
Node %lld is too small for cell count of %d (%d bytes), xrefs: 220B432B
Node %lld is too small (%d bytes), xrefs: 220B425A
Node %lld missing from database, xrefs: 220B4230
SELECT data FROM %Q.'%q_node' WHERE nodeno=?, xrefs: 220B4166
Dimension %d of cell %d on node %lld is corrupt, xrefs: 220B43D7
%_rowid, xrefs: 220B45B0, 220B45FA

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %_parent$%_rowid$Dimension %d of cell %d on node %lld is corrupt$Dimension %d of cell %d on node %lld is corrupt relative to parent$Found (%lld -> %lld) in %s table, expected (%lld -> %lld)$Mapping (%lld -> %lld) missing from %s table$Node %lld is too small (%d bytes)$Node %lld is too small for cell count of %d (%d bytes)$Node %lld missing from database$Rtree depth out of range (%d)$SELECT data FROM %Q.'%q_node' WHERE nodeno=?$SELECT nodeno FROM %Q.'%q_rowid' WHERE rowid=?1$SELECT parentnode FROM %Q.'%q_parent' WHERE nodeno=?1
API String ID: 0-1352829109
Opcode ID: 100ac65f2bfa7e4cb2716b46c42e8e0c9a9ced7a754f2aa2705a64556a5bb642
Instruction ID: 8b3a506a49243bf8c1b3eae158512101c31b261b85bd9cf3679c4e9cb2c25dfb
Opcode Fuzzy Hash: 100ac65f2bfa7e4cb2716b46c42e8e0c9a9ced7a754f2aa2705a64556a5bb642
Instruction Fuzzy Hash: F1F147B19043009FD7258F25CD94E2BBBE8EFA8314F05492CFD445A206E776DB50DBA2

Function 22110480 Relevance: 30.2, APIs: 8, Strings: 9, Instructions: 476COMMON

Download Yara Rule

Strings

%s mode not allowed: %s, xrefs: 221109EC
loca, xrefs: 22110598
lhos, xrefs: 221105A1
file, xrefs: 221104DA
invalid uri authority: %.*s, xrefs: 221105C2
cach, xrefs: 2211082B
no such vfs: %s, xrefs: 2211099A
mode, xrefs: 22110867
no such %s mode: %s, xrefs: 22110922

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s mode not allowed: %s$cach$file$invalid uri authority: %.*s$lhos$loca$mode$no such %s mode: %s$no such vfs: %s
API String ID: 0-1127695371
Opcode ID: 55be3d95c91ee5ec43f4458b3e4822d1461a85ad1ff5d47f179a9cdbe00ee538
Instruction ID: c0b85fca9efae11ae7695b061e33c01f89fd8a3f3e5d4bf7a50720312a5a8660
Opcode Fuzzy Hash: 55be3d95c91ee5ec43f4458b3e4822d1461a85ad1ff5d47f179a9cdbe00ee538
Instruction Fuzzy Hash: 73F13571D883458FE7118E14C6A0F9A7BE2AF86318F44467CECE52B287D7369745CB82

Function 21FF8680 Relevance: 28.6, APIs: 9, Strings: 7, Instructions: 550COMMON

Download Yara Rule

Strings

SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s, xrefs: 21FF98F1
parse error in rank function: %s, xrefs: 21FF97FF
DESC, xrefs: 21FF98C2, 21FF98D6
%s: table does not support scanning, xrefs: 21FF9979
recursively defined fts5 content table, xrefs: 21FF86C5
, xrefs: 21FF9848
ASC, xrefs: 21FF98BA

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: $%s: table does not support scanning$ASC$DESC$SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s$parse error in rank function: %s$recursively defined fts5 content table
API String ID: 0-2381147695
Opcode ID: b5dfee7fac50ef05b8419d10e2047418fa5c636c3b48d1539312a2099e867110
Instruction ID: b978ae1afabdfb28ee9c3f4cb73d6f9f511c5edc82a2804751835e52622bc30d
Opcode Fuzzy Hash: b5dfee7fac50ef05b8419d10e2047418fa5c636c3b48d1539312a2099e867110
Instruction Fuzzy Hash: F822F0B2900301EFDB15CF24C884A6A7BF6BF89304F04452DFD65972A1E7B6EA45CB91

Function 21FE66C0 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 416COMMON

Download Yara Rule

Strings

_shape does not contain a valid polygon, xrefs: 21FE6816

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: _shape does not contain a valid polygon
API String ID: 0-1814939628
Opcode ID: 293b4740df5df8739156e884878ff1d77f1e43599ba3559f93452db0bd5cd733
Instruction ID: 6c26ef47b078d103de90a3afcdb2766aac4548aad1c8622b515bdc7ae0a221d9
Opcode Fuzzy Hash: 293b4740df5df8739156e884878ff1d77f1e43599ba3559f93452db0bd5cd733
Instruction Fuzzy Hash: 1FE1D1B2804305EFD711DF24C844A1BBBEAAF99720F04492DF9A957212E737DA45CBD2

Function 21FFB400 Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 367COMMON

Download Yara Rule

Strings

SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s, xrefs: 21FFB696
DESC, xrefs: 21FFB656, 21FFB65E, 21FFB67D, 21FFB685
ASC, xrefs: 21FFB651, 21FFB678
SELECT %s ORDER BY rowid %s, xrefs: 21FFB665

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: ASC$DESC$SELECT %s ORDER BY rowid %s$SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
API String ID: 0-3496276579
Opcode ID: 163a175491d12b6b5ca8ec2cbda65704390e274008f40ee929f3737a13b54fae
Instruction ID: 18c2e0725cea33bdea6af5a2e5ece13b177797b6dc629cdc833c3532b2a0d103
Opcode Fuzzy Hash: 163a175491d12b6b5ca8ec2cbda65704390e274008f40ee929f3737a13b54fae
Instruction Fuzzy Hash: DBC167B2500701EFD722CF24D840B67BBE2FF85310F18096EE9A5866A1E7BBE645C751

Function 22000FB0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

e, xrefs: 2200115A

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
Instruction ID: 596a5da9fb84f81eb20263d22a3509b9c74d214835df365a882f4878132115cf
Opcode Fuzzy Hash: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
Instruction Fuzzy Hash: FF5123B22083419FE709CE28D880F7BB7E2EF95311F14057AF89196561E732EE54E7A1

Function 220F14D0 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 360COMMON

Download Yara Rule

Strings

API called with finalized prepared statement, xrefs: 220F1586
misuse, xrefs: 220F15AC
API called with NULL prepared statement, xrefs: 220F1571
%s at line %d of [%.10s], xrefs: 220F15B1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220F15A2

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 66da464299d940ca1ce631fef820e8a3a57236753527b58b42e6fc0029a4f266
Instruction ID: 2da6ccaf36247fa164b249a29892a016365bdab08ecb8167ecf8e6a9e7aaaa52
Opcode Fuzzy Hash: 66da464299d940ca1ce631fef820e8a3a57236753527b58b42e6fc0029a4f266
Instruction Fuzzy Hash: 8BC138B19807009BE7228F34DD44B5BB7E5BF50318F04063CEC9A97252EB76E949D792

Function 220B4D40 Relevance: 14.0, APIs: 9, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 026ea2b424990c42b3cb87b442484bd41e2ffd8556963eb92198e8e0e7439784
Instruction ID: 4d6f686a934fcd5cf3acb3d8d6ea024dd22faac2e6a3d6894800e483e000fca1
Opcode Fuzzy Hash: 026ea2b424990c42b3cb87b442484bd41e2ffd8556963eb92198e8e0e7439784
Instruction Fuzzy Hash: 09F1E7B15003019FD3219F65C988E2B77F8EFA5315F040A3DFD5482242EBB6DA45DBA2

Function 22048200 Relevance: 14.0, APIs: 9, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e51592c3275ebbb2d52a7d5a6b00090ec50cf5778634e9cc476f61317fd0013b
Instruction ID: 6cee285848ae873ca730fbfb9f3d06b10b48920015641920d8dd39e44bf266a7
Opcode Fuzzy Hash: e51592c3275ebbb2d52a7d5a6b00090ec50cf5778634e9cc476f61317fd0013b
Instruction Fuzzy Hash: 7A02FB72D04350AFD7118F24CD80F5BB7E9BB88354F848E39FA8892211EB76D954DB92

Function 220751D0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 141COMMON

Download Yara Rule

Strings

, xrefs: 22075334
REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 22075264

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: $REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
API String ID: 0-69911113
Opcode ID: c50c8cb36f9e28a3ef465f0494d2e86ab8b2a3fa24488b8e489f6edbe2d8fb14
Instruction ID: 2aefc8e13a9580cd5c9dae7f4597885274bddc3344ed58a7451cb0b0bedf9309
Opcode Fuzzy Hash: c50c8cb36f9e28a3ef465f0494d2e86ab8b2a3fa24488b8e489f6edbe2d8fb14
Instruction Fuzzy Hash: E141B1B1A04301AFD701DF28CD80B5AB7F6FF98308F450528F988A7251E776E951DB96

Function 220AD610 Relevance: 10.6, APIs: 7, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
Instruction ID: 39f3393e9a270f1c27ac997c3a5d46666fa139e83fd6151b7678866213dc9782
Opcode Fuzzy Hash: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
Instruction Fuzzy Hash: 4241D071600702AFCB019F68DD80A5BB7E9FF55314F404639FA6886250EB32EA15DBA2

Function 22034760 Relevance: 9.4, APIs: 6, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c93ec384b39d5a9c04a1db580a20cf0e8f6228cf4ff9bfeae6bcf974cd3ea2
Instruction ID: f8bff5c23049d9e1c580fc57820bd82969446764ebd5556d6a249aefacc4ad6d
Opcode Fuzzy Hash: b2c93ec384b39d5a9c04a1db580a20cf0e8f6228cf4ff9bfeae6bcf974cd3ea2
Instruction Fuzzy Hash: 93F1A0719043519FD342CF24C984A1BBBF4FF88308F444A2DF9959B216EB76EA44DB92

Function 21FE4820 Relevance: 9.3, APIs: 6, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 135af116e535f7f65d3ff64878bd0322476676a869123952ab44d8292e9bbde4
Instruction ID: 4d6f151963b732ce32fabe0f350f812b5b7a1dc6d68742410b5f31845396b42d
Opcode Fuzzy Hash: 135af116e535f7f65d3ff64878bd0322476676a869123952ab44d8292e9bbde4
Instruction Fuzzy Hash: 2EB19CB1804701AFD700CF25C888B1BB7F9BF9A314F048B1DF96996241E7BAE554CB96

Function 22069090 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268ab9e6dff54529bab953780a99cf5d757e5802f07dd8d88eaac29ad01162ce
Instruction ID: 5e642711e4279726bdfafdcf03a9a7684279eadb6dea3c3b67c74748c64e3685
Opcode Fuzzy Hash: 268ab9e6dff54529bab953780a99cf5d757e5802f07dd8d88eaac29ad01162ce
Instruction Fuzzy Hash: 7131FF71A003049FE329CF28D984E36B3E5EF84325B1405B9E9428F662D723EC51EB90

Function 2203E200 Relevance: 9.1, APIs: 6, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc88afe3aa4a11deaaaaca36f6ba03ab9cbf9ffa983653a562faa31a7dbd1d0b
Instruction ID: fe33d53d95f8fd1b7ef8e5dd40ce86e13da25372e66425ed4783578373cf184b
Opcode Fuzzy Hash: dc88afe3aa4a11deaaaaca36f6ba03ab9cbf9ffa983653a562faa31a7dbd1d0b
Instruction Fuzzy Hash: EE11367320530A6FD3055AA1EC81FEBB3DDEF58325F140539FB1552180EBB7A91293A1

Function 220206E0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

VUUU, xrefs: 2202083A

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: VUUU
API String ID: 0-2040033107
Opcode ID: c2cb5991c62f293b0fc8c31c804e88cee6eb286f0ca7c065da5508efceec58fc
Instruction ID: fe1af9e418e964e131e182fca61765b7aeae32aff2d6dd0c11cfdd94e234191a
Opcode Fuzzy Hash: c2cb5991c62f293b0fc8c31c804e88cee6eb286f0ca7c065da5508efceec58fc
Instruction Fuzzy Hash: 1981D6B19047458FC715DF29C880A2BFBE9FFA8310F04466EE88997242E771D944DBA1

Function 2204A6F0 Relevance: 7.6, APIs: 5, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81c5ec7f4d549d4670fd1640e1fd1f89e8fd3870de774f08dca09938ef6f923f
Instruction ID: 1a4c4c708787fe773d091f93960d2960372a77cfbc28908a89af128642d17552
Opcode Fuzzy Hash: 81c5ec7f4d549d4670fd1640e1fd1f89e8fd3870de774f08dca09938ef6f923f
Instruction Fuzzy Hash: CC614BB15483818FC328CF56C690E4BBFF1BB85340F548A9CE5A86B260CB369605DF92

Function 22028550 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3966a2d936edd45f59b6e0deb058351046a11c26772725d757917f5ea545eae4
Instruction ID: 14620cd32cf40f6aa5f0db425060ce592f1f9bdb38899f560c94dae4b16da24f
Opcode Fuzzy Hash: 3966a2d936edd45f59b6e0deb058351046a11c26772725d757917f5ea545eae4
Instruction Fuzzy Hash: 4801ADB6604302ABCB199F14ED01BAA77AAAF94715F18046DF90066280D333EC29D7A6

Function 21FD298C Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 384COMMON

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 221C2A1F
IsValidCodePage.KERNEL32(00000000), ref: 221C2A56
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 221C2C3A

Strings

utf8, xrefs: 221C2B28

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: CodeInfoLocalePageValid
String ID: utf8
API String ID: 790303815-905460609
Opcode ID: cab0b00a2d60aa34e835bdef698c0fd51ef60a78c83c909ef6b97ae5c5dd0ce5
Instruction ID: 588a8fc40604a1542e592066e7a557b64b20ac37ef50a7026fe8bf7b55c7540c
Opcode Fuzzy Hash: cab0b00a2d60aa34e835bdef698c0fd51ef60a78c83c909ef6b97ae5c5dd0ce5
Instruction Fuzzy Hash: 6971FB7A680306AFD72D9F74CD45FEA73A8EF64B14F100429EA159B180EBF5D740C662

Function 2203E090 Relevance: 6.1, APIs: 4, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db0261abc335e64df3cb1dcb164eb679254ce939c1ef1e5d3dd95fbd197b5a15
Instruction ID: dbab77e7204fb0d66f1d435c35cdf666ecaf32ef94c1595f632c603724626811
Opcode Fuzzy Hash: db0261abc335e64df3cb1dcb164eb679254ce939c1ef1e5d3dd95fbd197b5a15
Instruction Fuzzy Hash: 8031CAB2100300AFD7168F09ED40E76B7E1EF89314F0485AAE8518F252E336E986DB91

Function 21FD2C8E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 221748A7
IsDebuggerPresent.KERNEL32 ref: 22174973
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 22174993
UnhandledExceptionFilter.KERNEL32(?), ref: 2217499D

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: ea26eac5939bc8944dd35bc800c6b1f416dcfe1838b780be5c21c5536516a855
Instruction ID: 37bcc1127f7a86b01dc88be9ee8949b3e84ae63e22098932c904e4d7da0a72c9
Opcode Fuzzy Hash: ea26eac5939bc8944dd35bc800c6b1f416dcfe1838b780be5c21c5536516a855
Instruction Fuzzy Hash: 8E3123B5D4131D9BDB10DFA0C989BCDBBB8BF08300F1041AAE408AB250EB759B85CF55

Function 2202EF30 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
Instruction ID: dfd5c7fdb0a7b01d96aa7e041685d5ec6f39743e01d8213a3bb96a33ace2c4f6
Opcode Fuzzy Hash: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
Instruction Fuzzy Hash: 9E114832844A126BD352CB24D900B56F7D1BF18324F08433AFC589BA61D332F860D7C1

Function 22093770 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
Instruction ID: 72b119f414f3529720cd95a21442ac76562900ac6343e9a48b5802b0b20626e3
Opcode Fuzzy Hash: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
Instruction Fuzzy Hash: 2BE09232008B01AFCB265B50DE46E9ABBA7BF58720F080C18F5E521670C663A864AB41

Function 220B37E0 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
Instruction ID: 6b2eb7230861e82aed5cab8809cbb8a4387dcde5599e512c6268ffef04372712
Opcode Fuzzy Hash: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
Instruction Fuzzy Hash: EAE0B632008B81AFCB265F51DC45E9BBFA7AF58328F080C18F5A561470C7B3ACA5EB41

Function 22008970 Relevance: 4.6, APIs: 3, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee01f53d65c66a5fc5f78fe410876c91ad9c8af9dbfa2c660f62d66d621191c
Instruction ID: c80ca0ef9bc46183f6acf220d33924f78da5ab652a84f8c9bdd26f6fb8852e48
Opcode Fuzzy Hash: 6ee01f53d65c66a5fc5f78fe410876c91ad9c8af9dbfa2c660f62d66d621191c
Instruction Fuzzy Hash: 91412536504311AFE7019F29EC00D6BB7E6FF95324F1846A8F9548B261D723DA22EBD1

Function 2208D3B0 Relevance: 4.6, APIs: 3, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0822773eca3d0e7f4cdae383ad2acbec2beb07be2372741af79f5a5aa18ce26
Instruction ID: de9d190a5e514787879e993e783ff2f45333629bfead891fa3ea7c6d4b7ba4f9
Opcode Fuzzy Hash: d0822773eca3d0e7f4cdae383ad2acbec2beb07be2372741af79f5a5aa18ce26
Instruction Fuzzy Hash: 9D3129B1600701AFE705DF69E984F67B3E9FF58314F048628FA58D3241E775F9109AA2

Function 2204E170 Relevance: 4.6, APIs: 3, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ba2dfd347d3fbcf3c28437e0045a3eae148fb8d7f5d2d55987197ea276cfa2f
Instruction ID: e2edcaa36f53f6b17ae345daa698d366a5003299d4aae6d95bba7beb397e96d4
Opcode Fuzzy Hash: 4ba2dfd347d3fbcf3c28437e0045a3eae148fb8d7f5d2d55987197ea276cfa2f
Instruction Fuzzy Hash: 5711E476A003006FE6059B388E04F6B77EEEF94718F144838FE80D3242EA26D911D7A2

Function 21FD2112 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

GetEnabledXStateFeatures, xrefs: 221B0C61

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: GetEnabledXStateFeatures
API String ID: 0-1068256093
Opcode ID: 48858ca6458bdcf4d8be016ca27fc74a37f6efe3e145fe79f4993592317347cc
Instruction ID: 2148f7cc6d04fb3157bdab2f37db38a6f8d656f15ec8a1337056014b72bc12fc
Opcode Fuzzy Hash: 48858ca6458bdcf4d8be016ca27fc74a37f6efe3e145fe79f4993592317347cc
Instruction Fuzzy Hash: 6AF0683658132C7BDB112F60DD48F9E3B26BF40765F060460FD2566219DB7A4A21D6D1

Function 22008CB0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17f81c03f6bd50088cca8bf984c47141a7e78ea1bdb5982dfb1849989482789a
Instruction ID: 8d69d5cb809e6e932f053f9acdbcd2f7e6d943044011596812037f61753788ad
Opcode Fuzzy Hash: 17f81c03f6bd50088cca8bf984c47141a7e78ea1bdb5982dfb1849989482789a
Instruction Fuzzy Hash: DC01B1B56013019BF705CF28E944E0A77EAFFB4204F540539F584D3312EA36DA05DBAA

Function 22008430 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875602c2f73a52c0c9a6f148e04de174215d237d3759911a04e6fd69f05410ec
Instruction ID: d47c9414211d0ecf49397237dab67a8e73cb06573498a5c66f653544f7c8f744
Opcode Fuzzy Hash: 875602c2f73a52c0c9a6f148e04de174215d237d3759911a04e6fd69f05410ec
Instruction Fuzzy Hash: D5B048B2408A42BFEB41AA088C008BAB6AAFBD4210F888C48B4A440020D33288289A12

Function 21FD42AF Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00004214), ref: 22174A98

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 391bfeefc799518bc5d22a1130f64dcb656f9fe628082179910e3ba0bae5eaff
Instruction ID: 3a5fc4e197e378b4fab0650fd244028ab36682d12f72e283869a742d9d1f23bd
Opcode Fuzzy Hash: 391bfeefc799518bc5d22a1130f64dcb656f9fe628082179910e3ba0bae5eaff
Instruction Fuzzy Hash: A59002AADC02025B8E049B62964EC14753155856023050560646EA481E4A1E0201DA36

Function 220B5660 Relevance: 53.0, APIs: 26, Strings: 4, Instructions: 452COMMON

Download Yara Rule

Strings

CREATE TABLE x(%.*s INT, xrefs: 220B57CA
_node, xrefs: 220B579E
,%.*s, xrefs: 220B5804, 220B5835
Auxiliary rtree columns must be last, xrefs: 220B56B3, 220B58B3

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: ,%.*s$Auxiliary rtree columns must be last$CREATE TABLE x(%.*s INT$_node
API String ID: 0-209218429
Opcode ID: 3e0e62ed16cd9814df7770f1643652f8c8c9453efcc34f9a351339995b8d944c
Instruction ID: db0ee4aff0ebf4ea3fc34bb25a2c1c48ebdcd059da79a79289452ac0fb34a99c
Opcode Fuzzy Hash: 3e0e62ed16cd9814df7770f1643652f8c8c9453efcc34f9a351339995b8d944c
Instruction Fuzzy Hash: 79F111715003019FD7258F24C984F2FBBE9AF58304F040A68FD5A97206DB7BEA55DBA2

Function 21FFCC80 Relevance: 47.7, APIs: 15, Strings: 12, Instructions: 470COMMON

Download Yara Rule

Strings

%04d, xrefs: 21FFD1CE
%04d-%02d-%02d, xrefs: 21FFCE82
%06.3f, xrefs: 21FFCE5F
%lld, xrefs: 21FFD0EE
%.16g, xrefs: 21FFCFB3
u, xrefs: 21FFD16D
%02d:%02d, xrefs: 21FFD080
%2d, xrefs: 21FFCE27
%03d, xrefs: 21FFCF81, 21FFCF8B
%02d:%02d:%02d, xrefs: 21FFD12E
%02d, xrefs: 21FFCE2C, 21FFCE34, 21FFCF27, 21FFCF6F, 21FFCFCE, 21FFCFE9, 21FFD10A
%.3f, xrefs: 21FFD0BF

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %.16g$%.3f$%02d$%02d:%02d$%02d:%02d:%02d$%03d$%04d$%04d-%02d-%02d$%06.3f$%2d$%lld$u
API String ID: 0-1613945299
Opcode ID: 895a0dba98008234a4e50d3eed47f81fe718604b71cd39ffa8f6c32912739a52
Instruction ID: 3f9359d647159d59efc66dc8f25f8fd61e15f58977f784f001127057ae2ca445
Opcode Fuzzy Hash: 895a0dba98008234a4e50d3eed47f81fe718604b71cd39ffa8f6c32912739a52
Instruction Fuzzy Hash: 8AF106B3908701AFE3158F24CC41F6BB7EBAF99300F044A1DF5A496191E6B7DA448752

Function 22079120 Relevance: 45.9, APIs: 23, Strings: 3, Instructions: 355COMMON

Download Yara Rule

Strings

_node, xrefs: 22079202
,%s, xrefs: 22079297
CREATE TABLE x(_shape, xrefs: 22079268

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: ,%s$CREATE TABLE x(_shape$_node
API String ID: 0-1242591684
Opcode ID: fb1584c2185d44a792b860d52cea431df458d003e20585db20fa373368817c1b
Instruction ID: aaa35b1a10a9757a010ade11a7f9dffa7b4dfaec503bef7c1c7a6e22b390d102
Opcode Fuzzy Hash: fb1584c2185d44a792b860d52cea431df458d003e20585db20fa373368817c1b
Instruction Fuzzy Hash: B8C110B29003059FD7259F24C988F2777F9AF28308F040A28FD5986216DB7BE515DBA6

Function 2212B050 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 251COMMON

Download Yara Rule

Strings

(blob), xrefs: 2212B26C
BINARY, xrefs: 2212B0D3
vtab:%p, xrefs: 2212B283
NULL, xrefs: 2212B267, 2212B324, 2212B325
%c%u, xrefs: 2212B2C3
%lld, xrefs: 2212B1DA, 2212B24C
,%s%s%s, xrefs: 2212B137
%.16g, xrefs: 2212B217
%.18s-%s, xrefs: 2212B192
program, xrefs: 2212B2FB
k(%d, xrefs: 2212B0A5
%s(%d), xrefs: 2212B1B3

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %.16g$%.18s-%s$%c%u$%lld$%s(%d)$(blob)$,%s%s%s$BINARY$NULL$k(%d$program$vtab:%p
API String ID: 0-900822179
Opcode ID: 8ac8f23ded6fee9da20c0074289a4ddb0caf01f6ced768e9cd325c59123f2a19
Instruction ID: 75b6bce35eb2d06328aa5d944724435bf21d856221c4929ff5729b6a21559fc9
Opcode Fuzzy Hash: 8ac8f23ded6fee9da20c0074289a4ddb0caf01f6ced768e9cd325c59123f2a19
Instruction Fuzzy Hash: E4911271A48B159FD705CF24C980FAB7BE5BF94304F054A88F99A9B252D332DB06C792

Function 21FF2BE0 Relevance: 31.8, APIs: 8, Strings: 10, Instructions: 346COMMON

Download Yara Rule

Strings

unopened, xrefs: 21FF2E55
NULL, xrefs: 21FF2E38
misuse, xrefs: 21FF2E73
invalid, xrefs: 21FF2E4E
ORDER BY name, xrefs: 21FF2DCC
API call with %s database connection pointer, xrefs: 21FF2E5A
%s at line %d of [%.10s], xrefs: 21FF2E78
SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0), xrefs: 21FF2DA4
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 21FF2E69
WHERE name=%Q, xrefs: 21FF2DB7

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: ORDER BY name$%s at line %d of [%.10s]$API call with %s database connection pointer$NULL$SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0)$WHERE name=%Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-1179878930
Opcode ID: 4abc83114cd7424d3017517faa635633190b82842958bf337f9142013946bb8d
Instruction ID: 194b68d9bf42abd08b6034fab88d375b965c3d8c6473078e219b684f8f9d8a16
Opcode Fuzzy Hash: 4abc83114cd7424d3017517faa635633190b82842958bf337f9142013946bb8d
Instruction Fuzzy Hash: 18C14572604700EBE7118F14C884F5B3BE6AF51314F044528ED799B2E6E7B7EA4687D2

Function 22136230 Relevance: 23.1, APIs: 5, Strings: 8, Instructions: 374COMMON

Download Yara Rule

Strings

NULL, xrefs: 22136481
NULL, xrefs: 22136466
%lld, xrefs: 2213649B
%!.15g, xrefs: 221364C2
'%.*q', xrefs: 22136562
-- , xrefs: 221362B0, 221362C0
%02x, xrefs: 2213660C
zeroblob(%d), xrefs: 221365AF

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %!.15g$%02x$%lld$'%.*q'$-- $NULL$NULL$zeroblob(%d)
API String ID: 0-3665355275
Opcode ID: 5fdfca6ea77efe925d297851f6046bfc18c73f2b5f993fbf3fc761997bfb8bf7
Instruction ID: a7b03e9f1cc33fa0fa84461c4a25f8fae5f2b737879374acf98e56186abe6a08
Opcode Fuzzy Hash: 5fdfca6ea77efe925d297851f6046bfc18c73f2b5f993fbf3fc761997bfb8bf7
Instruction Fuzzy Hash: 68D124B19483809FD706CF24C980E9BBBE6BF99348F050A5DF99997212D331D748CB96

Function 220FA150 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 226COMMON

Download Yara Rule

Strings

idx, xrefs: 220FA200
id INTEGER PRIMARY KEY, block BLOB, xrefs: 220FA1DF
data, xrefs: 220FA1E4
segid, term, pgno, PRIMARY KEY(segid, term), xrefs: 220FA1FB
%s_data, xrefs: 220FA1BC

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s_data$data$id INTEGER PRIMARY KEY, block BLOB$idx$segid, term, pgno, PRIMARY KEY(segid, term)
API String ID: 0-1009905541
Opcode ID: 91917f72e4b49579c19b04a1af35751306a3ba35d50503f915b136594d4e0571
Instruction ID: 41b2ae62068dd12d33579a27b0c83b723f23dddd95e97fde4207a5f2e9f9eb5c
Opcode Fuzzy Hash: 91917f72e4b49579c19b04a1af35751306a3ba35d50503f915b136594d4e0571
Instruction Fuzzy Hash: 96717D716803109FE7119B26DD8CF1B37E8AF14349F040A24FD069626ADFBEE554DBA2

Function 220FF370 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 196COMMON

Download Yara Rule

Strings

config, xrefs: 220FF549
id INTEGER PRIMARY KEY, sz BLOB, xrefs: 220FF524, 220FF52C
docsize, xrefs: 220FF52D
id INTEGER PRIMARY KEY, xrefs: 220FF43E
version, xrefs: 220FF560
content, xrefs: 220FF49D
k PRIMARY KEY, v, xrefs: 220FF544
id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER, xrefs: 220FF51C
, c%d, xrefs: 220FF469

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: , c%d$config$content$docsize$id INTEGER PRIMARY KEY$id INTEGER PRIMARY KEY, sz BLOB$id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER$k PRIMARY KEY, v$version
API String ID: 0-3918257174
Opcode ID: 318f1ca7d1b7790ec9bebb69d625f2fc6267deef4fcf591923a051281990ae13
Instruction ID: 7cf9a7cb817d5d2bfee52239d41d21ceedb87d5581401a4470285299921d6124
Opcode Fuzzy Hash: 318f1ca7d1b7790ec9bebb69d625f2fc6267deef4fcf591923a051281990ae13
Instruction Fuzzy Hash: 7A5134729803119BC3219F24CC88F5B77E8FB44764F090664FD489B286DF7AEA05DBA1

Function 21FDA6C0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 195COMMON

Download Yara Rule

Strings

%g,%g', xrefs: 21FDA7D1
></polyline>, xrefs: 21FDA845
%c%g,%g, xrefs: 21FDA78E
<polyline points=, xrefs: 21FDA74B
%s, xrefs: 21FDA82E

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %g,%g'$ %s$%c%g,%g$<polyline points=$></polyline>
API String ID: 0-3443809342
Opcode ID: a66aca375880c5daf44a3139b2126aca167a15b7cbc57b1887e58f2a7d098b74
Instruction ID: 24b8eb549520cef07009370b19b3620eb329ce33d8640261d619d2b67b7f2b11
Opcode Fuzzy Hash: a66aca375880c5daf44a3139b2126aca167a15b7cbc57b1887e58f2a7d098b74
Instruction Fuzzy Hash: 77616B73900701ABE7058F24CC85F2777A6AF52300F094668FC295B245E777EA86CBD6

Function 22118F40 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 177COMMON

Download Yara Rule

Strings

%!.20e, xrefs: 22118FF1
NULL, xrefs: 2211912E
%lld, xrefs: 2211900C
%!.15g, xrefs: 22118F83
NULL, xrefs: 22119148

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %!.15g$%!.20e$%lld$NULL$NULL
API String ID: 0-2115304644
Opcode ID: 56876d5d04f112733a292d8eed35b592d84a31bd1628ca76d48937bedcaf9439
Instruction ID: d66ce148faaac8cdbd8f1e829337ac9df17bf6b1df5d66ece60384ed4cf0cb12
Opcode Fuzzy Hash: 56876d5d04f112733a292d8eed35b592d84a31bd1628ca76d48937bedcaf9439
Instruction Fuzzy Hash: EF516872944B115FE325DF188C41EEBB7E5EF95304F0909ACF8A967202E336D7468392

Function 21FE3420 Relevance: 21.4, APIs: 6, Strings: 6, Instructions: 392COMMON

Download Yara Rule

Strings

API called with finalized prepared statement, xrefs: 21FE352C, 21FE3588
misuse, xrefs: 21FE3552, 21FE359E
ATTACH x AS %Q, xrefs: 21FE346F
API called with NULL prepared statement, xrefs: 21FE3517
%s at line %d of [%.10s], xrefs: 21FE3557, 21FE35A3
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 21FE3548, 21FE3594

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-2988319395
Opcode ID: 0c1acbaec7c63b7bad4d38935d94c966956bbf8d14ea7411456e1b254352e908
Instruction ID: ab726b39c3377c0f898f337c5ee74022c54ed473b768d6bf37a5bd1eb8c14ac4
Opcode Fuzzy Hash: 0c1acbaec7c63b7bad4d38935d94c966956bbf8d14ea7411456e1b254352e908
Instruction Fuzzy Hash: 51D1A1B1944301EBE7118F24888CF1B7BE6BF55305F040A2CF96D96246EB77D644CBA2

Function 2206EF60 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,origin, xrefs: 2206F0D6, 2206F0DE

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: ,origin
API String ID: 0-4198660907
Opcode ID: 9e77eac0fb1c5712b5398b5eab4029e6c46dd99083985d77f14a8c7333a96049
Instruction ID: 3b70a970e8a116b54a8a601d0872ac25eff0af0401276e39c661ab2a978e7c04
Opcode Fuzzy Hash: 9e77eac0fb1c5712b5398b5eab4029e6c46dd99083985d77f14a8c7333a96049
Instruction Fuzzy Hash: 1E718DB1404301EFD7259F58C984D2BBBF6FF98340F544A2CE9A696221DB37E950DB42

Function 220B4B10 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 156COMMON

Download Yara Rule

Strings

API called with finalized prepared statement, xrefs: 220B4C1E
UNIQUE constraint failed: %s.%s, xrefs: 220B4BC9
rtree constraint failed: %s.(%s<=%s), xrefs: 220B4BF9
SELECT * FROM %Q.%Q, xrefs: 220B4B25
misuse, xrefs: 220B4C34
%s at line %d of [%.10s], xrefs: 220B4C39
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220B4C2A

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT * FROM %Q.%Q$UNIQUE constraint failed: %s.%s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$rtree constraint failed: %s.(%s<=%s)
API String ID: 0-2013246442
Opcode ID: 22780bf8d6684809e47008e76b3e981b2b63653184be348f1762bda97f253b72
Instruction ID: f8f21798f32d223b7896ee66f49d4e894d0b7b292b3a86e488604656af2310dd
Opcode Fuzzy Hash: 22780bf8d6684809e47008e76b3e981b2b63653184be348f1762bda97f253b72
Instruction Fuzzy Hash: 494129B2A40314AFF7125F659D88F6B33A8EF70709F040638FD1596246EB669B04D6B2

Function 220B4920 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 132COMMON

Download Yara Rule

Strings

SELECT * FROM %Q.%Q, xrefs: 220B49AA
Schema corrupt or not an rtree, xrefs: 220B49DC
_parent, xrefs: 220B4A6D
_rowid, xrefs: 220B4A57
SELECT * FROM %Q.'%q_rowid', xrefs: 220B496D

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: SELECT * FROM %Q.%Q$SELECT * FROM %Q.'%q_rowid'$Schema corrupt or not an rtree$_parent$_rowid
API String ID: 0-2087119806
Opcode ID: ccec38760c303ba248a692caa5a1d07a8dad07e586eb0a7bd6d48992ea8a0588
Instruction ID: 9f4281483cab11bad70b762f2d57fb5a35e7e5a73fdb9b8de0426337f114f0ae
Opcode Fuzzy Hash: ccec38760c303ba248a692caa5a1d07a8dad07e586eb0a7bd6d48992ea8a0588
Instruction Fuzzy Hash: 9941EDB2908341AFC718DB64DD80D6FB7E9AFE9704F041A3EF4A5D2200E271DA449B93

Function 2215AAD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 130COMMON

Download Yara Rule

Strings

API called with finalized prepared statement, xrefs: 2215AAEF
bind on a busy prepared statement: [%s], xrefs: 2215AB94
misuse, xrefs: 2215AB15, 2215AB56, 2215ABAA
API called with NULL prepared statement, xrefs: 2215AAD9
%s at line %d of [%.10s], xrefs: 2215AB1A, 2215AB5B, 2215ABAF
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2215AB0B, 2215AB4C, 2215ABA0

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3679126755
Opcode ID: cd887441751def6a838e0994e66f632363fb2f3d4898901bb17d6021fde6a507
Instruction ID: b6f5f054c14edf8ae84c94155f9357817129ab8545de839f1675b100515a1728
Opcode Fuzzy Hash: cd887441751def6a838e0994e66f632363fb2f3d4898901bb17d6021fde6a507
Instruction Fuzzy Hash: B641E1713C0B05ABE7208F28DC84FC673E5AF60309F050568FA799B2C9E669D7A4C791

Function 220FECF0 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 335COMMON

Download Yara Rule

Strings

docsize, xrefs: 220FF020
content, xrefs: 220FEFDF

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: content$docsize
API String ID: 0-1024698521
Opcode ID: 66de754f815d18586fa1c8e8249a9eae319938b5e9d50dd026ba4eee6011a4db
Instruction ID: 378928e5e12fdd18ea7595915760052c6d5e82369374eced4092498a573f5d3d
Opcode Fuzzy Hash: 66de754f815d18586fa1c8e8249a9eae319938b5e9d50dd026ba4eee6011a4db
Instruction Fuzzy Hash: E4C11172984311AFD312DF14C984B6BB3E4AF90354F050A38FD4897252EF76EA49DB92

Function 22085470 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 225COMMON

Download Yara Rule

Strings

JSON cannot hold BLOB values, xrefs: 22085697
%lld, xrefs: 2208550D
%!0.15g, xrefs: 220854D2

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %!0.15g$%lld$JSON cannot hold BLOB values
API String ID: 0-1047910854
Opcode ID: 45fc7170148db865ddfcc5ce8d13020d5d936ecabd9ec87c385f78c338aab7f8
Instruction ID: 61ae0522a5ce15759b3cd8abb57d002c4932401801577ab55b3b6001653aa656
Opcode Fuzzy Hash: 45fc7170148db865ddfcc5ce8d13020d5d936ecabd9ec87c385f78c338aab7f8
Instruction Fuzzy Hash: 8C51CC735003006EE3115B18DC41FBF3BE7DFA6325F19026DFA5157282EB679652A2A3

Function 22002B70 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 183COMMON

Download Yara Rule

Strings

("%s", xrefs: 22002C4A
ABLE x, xrefs: 22002BB6
,schema HIDDEN, xrefs: 22002CD2
%c"%s", xrefs: 22002C1B
,arg HIDDEN, xrefs: 22002C7A

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %c"%s"$("%s"$,arg HIDDEN$,schema HIDDEN$ABLE x
API String ID: 0-1763475469
Opcode ID: b6a8d986ae4208b599a496c0cf374f157fad75b43d6dcf68a01e071dde6f6050
Instruction ID: f3a29536e4173bfb83f5ef8c519e21e28f1847ad890108308ccfc92397205482
Opcode Fuzzy Hash: b6a8d986ae4208b599a496c0cf374f157fad75b43d6dcf68a01e071dde6f6050
Instruction Fuzzy Hash: 11718E759083429FE305CF64C940B6BBBE0FF98308F044A6EE89997251E775DA49CB92

Function 2207AA40 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 334COMMON

Download Yara Rule

Strings

API called with finalized prepared statement, xrefs: 2207AA9C, 2207AD76
misuse, xrefs: 2207AAC2, 2207AD8C
API called with NULL prepared statement, xrefs: 2207AA87
%s at line %d of [%.10s], xrefs: 2207AAC7, 2207AD91
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2207AAB8, 2207AD82

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 3e89e5c14cbaa5c185e8fde7b325ebc002e8e8a5cade0d5de0a893828d5b189e
Instruction ID: e869863457024402227c9c21c39ae65cbe2de9f9a001a7a097cae6c1869ff004
Opcode Fuzzy Hash: 3e89e5c14cbaa5c185e8fde7b325ebc002e8e8a5cade0d5de0a893828d5b189e
Instruction Fuzzy Hash: D3B158B1A00704AFE7128F269D44F5B73F5AF50319F04053CE99687282EB7DEA04E7A6

Function 21FFA170 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 286COMMON

Download Yara Rule

Strings

JSON path error near '%q', xrefs: 21FFA3D7
malformed JSON, xrefs: 21FFA283

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: JSON path error near '%q'$malformed JSON
API String ID: 0-560895927
Opcode ID: da6626a3c8dcba0e6bc213675a66576e249648fc68a01eafd5b6922dc925f580
Instruction ID: f831c59ae90773f4e182836027547fbf17029e12808db6d67aee3276a0547dd3
Opcode Fuzzy Hash: da6626a3c8dcba0e6bc213675a66576e249648fc68a01eafd5b6922dc925f580
Instruction Fuzzy Hash: FFA147B2600301DFE714CF24C844B26BBE6EF91304F18456DE5A58B2B2E7B7EA46C791

Function 2202F600 Relevance: 16.7, APIs: 11, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
Instruction ID: 4672b40d5c0feb39c31024d8d0546ee3df022d568becf04c91e7b542756f5302
Opcode Fuzzy Hash: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
Instruction Fuzzy Hash: D3510372A043026FE301CF14EC84B6FB3E8EF94754F44063EF94497241EB26AA5997E2

Function 221070B0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 227COMMON

Download Yara Rule

Strings

API called with finalized prepared statement, xrefs: 22107201
invalid rootpage, xrefs: 2210715C, 2210730E
misuse, xrefs: 22107217
%s at line %d of [%.10s], xrefs: 2210721C
orphan index, xrefs: 221072C2
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2210720D

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid rootpage$misuse$orphan index
API String ID: 0-165706444
Opcode ID: e32cb51afba0f15e25020fa659183573ab78776447aaea45490460a0bbee4f1b
Instruction ID: e14cad1a19de4abc18944a90e85dea4e35b6ccc17fcbc82ffaba935f378a629b
Opcode Fuzzy Hash: e32cb51afba0f15e25020fa659183573ab78776447aaea45490460a0bbee4f1b
Instruction Fuzzy Hash: 99619AB1A843406BE7218B309D80FDB77E9AF95319F144479FD148A287E731E716C7A2

Function 22009100 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 161COMMON

Download Yara Rule

Strings

API called with finalized prepared statement, xrefs: 22009122
misuse, xrefs: 22009148
API called with NULL prepared statement, xrefs: 2200910D
%s at line %d of [%.10s], xrefs: 2200914D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2200913E

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: aa47374e1f78ab1c762d2655fc674fe7fd809777d82df2e66c763e399bd4a825
Instruction ID: ecf5aed3552bece598d756a5e46bd8ee46fa80363d7856c46c8b3ecd41d640cb
Opcode Fuzzy Hash: aa47374e1f78ab1c762d2655fc674fe7fd809777d82df2e66c763e399bd4a825
Instruction Fuzzy Hash: 554188B1F447095BF7228E348C48F9B37D5ABB8714F040538E9668B342E676DB05D3A2

Function 22118340 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 145COMMON

Download Yara Rule

Strings

unopened, xrefs: 221183BD
NULL, xrefs: 22118369
misuse, xrefs: 22118387
invalid, xrefs: 221183B6
API call with %s database connection pointer, xrefs: 2211836E
%s at line %d of [%.10s], xrefs: 2211838C
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2211837D

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-538076154
Opcode ID: ad745f738c4fc90e88a9f6b3f0ff4572b0b5e28a7d5903b77ad5e0f1a5707de7
Instruction ID: 3299232f6e66a751a0c8b6f0a1660ca4ebb77c58b70b79ae1207282cfd799b2e
Opcode Fuzzy Hash: ad745f738c4fc90e88a9f6b3f0ff4572b0b5e28a7d5903b77ad5e0f1a5707de7
Instruction Fuzzy Hash: 37417B716C43406BF7108E289D41FABB795AF91718FCA857CF9955B24AEB35C304C362

Function 2210B0E0 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 117COMMON

Download Yara Rule

Strings

unopened, xrefs: 2210B145
NULL, xrefs: 2210B0F4
misuse, xrefs: 2210B112
invalid, xrefs: 2210B13E
API call with %s database connection pointer, xrefs: 2210B0F9
%s at line %d of [%.10s], xrefs: 2210B117
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2210B108

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-538076154
Opcode ID: 73121b732d1638c1ce57c372955fd599dab9ac43234ea552256ee09bcdf235df
Instruction ID: 0b638ed970f1e4aa80f628e72ab2ce3a20fea4f034ffa1db40817b12a1342a07
Opcode Fuzzy Hash: 73121b732d1638c1ce57c372955fd599dab9ac43234ea552256ee09bcdf235df
Instruction Fuzzy Hash: E33188716C4708ABE7112E246C40FDB7BA6AF65328F010628FDB566246F775EB01C393

Function 22006F30 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 83COMMON

Download Yara Rule

Strings

bad parameter or other API misuse, xrefs: 22006F7E
misuse, xrefs: 22006F6A
invalid, xrefs: 22006F4F
API call with %s database connection pointer, xrefs: 22006F54
%s at line %d of [%.10s], xrefs: 22006F6F
out of memory, xrefs: 22006F39, 22006FA0
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22006F60

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$bad parameter or other API misuse$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$out of memory
API String ID: 0-2911740470
Opcode ID: 7a13b7cde9e279ed166b3886812f412ef90835f2294d59e9bea9d7b1b9ebcba8
Instruction ID: fdeb6f6bd3a37438125ed2b4c299e88a383342d8c363408378c3be58517ae969
Opcode Fuzzy Hash: 7a13b7cde9e279ed166b3886812f412ef90835f2294d59e9bea9d7b1b9ebcba8
Instruction Fuzzy Hash: B0217C712807309BF72347949D84FB737E35BC0318F19853CF1666724AD675EB42A281

Function 21FF06F0 Relevance: 15.2, APIs: 10, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd073518cca0c9c86e5fb485843ab7f47134755837041342b9ebe336bc4acb92
Instruction ID: 87193bb448dff933541234109b1230f4442dc743f9088d6facb7ef3c49ac26cc
Opcode Fuzzy Hash: bd073518cca0c9c86e5fb485843ab7f47134755837041342b9ebe336bc4acb92
Instruction Fuzzy Hash: 937125B2900301DFE714DF14C881A6677E7AFA5304F0401ADEDA59B7A2E3B7DA45CB91

Function 220B6380 Relevance: 15.1, APIs: 10, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c55cafc797ada4657d19e2b11570f758b1886b1c04dc29a6fe662777cdb8f72a
Instruction ID: 2e5f42cb39ce08501762f54c5116ef1bdbab392b60d8c76b6a44e1f3f109a478
Opcode Fuzzy Hash: c55cafc797ada4657d19e2b11570f758b1886b1c04dc29a6fe662777cdb8f72a
Instruction Fuzzy Hash: F641DD71480B109FD7255B25D98CE1777F9AF20309F040A28FD168262EDBBBE554EB62

Function 2202F4B0 Relevance: 15.1, APIs: 10, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
Instruction ID: b5c7f492c52f980de2d993957f66f19457774b2abf8b671bb9794be73689fa69
Opcode Fuzzy Hash: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
Instruction Fuzzy Hash: 5121A563904B522AE317EE209D05F7F72DC5F61359F084525FB24A1181FB299745A2E3

Function 21FEE170 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 445COMMON

Download Yara Rule

Strings

fts5vocab, xrefs: 22061340
fts5, xrefs: 22061053, 22061395, 220613E7
unicode61, xrefs: 22061279, 2206130F
porter, xrefs: 220612BF
snippet, xrefs: 22061200
unable to delete/modify user-function due to active statements, xrefs: 220613BF, 220614B8
fts5_source_id, xrefs: 2206148D, 220614E0

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: fts5$fts5_source_id$fts5vocab$porter$snippet$unable to delete/modify user-function due to active statements$unicode61
API String ID: 0-2986783930
Opcode ID: 4acb27c4e15134c525b32d6b833bb67cdd9abfded62cd1783eaccc1471bad7a3
Instruction ID: 128d10bcf7c5904c35a50bcec303eefb753b55912ec26c6335c4f9e5017cf33c
Opcode Fuzzy Hash: 4acb27c4e15134c525b32d6b833bb67cdd9abfded62cd1783eaccc1471bad7a3
Instruction Fuzzy Hash: 3FF1A3B09407019FE7018F25D988F3BBBE5BF50344F040A28FD059A356EBBADA54DB96

Function 22061710 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 235COMMON

Download Yara Rule

Strings

%z%s%Q, xrefs: 2206180D
rank, xrefs: 22061824
CREATE TABLE x(, xrefs: 220617D9
%z, %Q HIDDEN, %s HIDDEN), xrefs: 22061831

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %z%s%Q$%z, %Q HIDDEN, %s HIDDEN)$CREATE TABLE x($rank
API String ID: 0-3324442540
Opcode ID: 0d6a1531a36e72f92f54c126aa00f1942707e3fb11c6909e2df0df50e0087432
Instruction ID: 69cc361b80de215bbf53cd842aaaa302c67467fb24cd5d09a936a44a1851c169
Opcode Fuzzy Hash: 0d6a1531a36e72f92f54c126aa00f1942707e3fb11c6909e2df0df50e0087432
Instruction Fuzzy Hash: D281BD72E44311AFDB018F24DD84F2AB7E4BF54259F040629FD44A7222DB7ADA50DBA2

Function 2202E320 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 177COMMON

Download Yara Rule

Strings

API called with finalized prepared statement, xrefs: 2202E36A
misuse, xrefs: 2202E380
%s at line %d of [%.10s], xrefs: 2202E385
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2202E376

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3620335220
Opcode ID: 74143d724a4cdd7eec3095638b93eb115b312fe1c3bada3ec9a471d664e13c83
Instruction ID: 1fbb61d0e58904e9b62ac5dfa0e72797f2d28ef79a97e42fe998effc96f547dc
Opcode Fuzzy Hash: 74143d724a4cdd7eec3095638b93eb115b312fe1c3bada3ec9a471d664e13c83
Instruction Fuzzy Hash: 0051B771980B509FE7029F24C98CF5A37A8AF14349F044736FD059624ADBBAE644DBA2

Function 220D74A0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 175COMMON

Download Yara Rule

Strings

unable to close due to unfinalized statements or unfinished backups, xrefs: 220D75D1
misuse, xrefs: 220D74D7
invalid, xrefs: 220D74BC
API call with %s database connection pointer, xrefs: 220D74C1
%s at line %d of [%.10s], xrefs: 220D74DC
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220D74CD

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 0-3800776574
Opcode ID: db19a4cec6afc00f87d2f275e8d9de287e479e81b0be9e9361938118dd5e6185
Instruction ID: 2127216f1228a5476d9ec5bcf6736c988d04309b889abad3246b3c1fcf9da47b
Opcode Fuzzy Hash: db19a4cec6afc00f87d2f275e8d9de287e479e81b0be9e9361938118dd5e6185
Instruction Fuzzy Hash: 81517876A41700ABE3138B38AD48F9B73E5EF50318F040538F9599322AEB75F641D6A3

Function 220D32F0 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 464COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220D36C2, 220D3707, 220D3767, 220D3818
%s at line %d of [%.10s], xrefs: 220D36C7, 220D370C, 220D376C, 220D381D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220D36B8, 220D36FD, 220D375D, 220D380E

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: c054d50221f247eb7dc93cb4abfba9537e3e05661cc3a303a93aa4f4492c859e
Instruction ID: b96ee895faca4afb870276ffab11555c78a5a4355725308e027ae3c17af48716
Opcode Fuzzy Hash: c054d50221f247eb7dc93cb4abfba9537e3e05661cc3a303a93aa4f4492c859e
Instruction Fuzzy Hash: 59F1A672641751AFD301CF28C9C0B67BBE0FF54318F4446A8E8588B246E736FA56DBA1

Function 21FFE420 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 380COMMON

Download Yara Rule

Strings

another row available, xrefs: 21FFE7A3, 21FFE7AE
%c%04d-%02d-%02d %02d:%02d:%06.3f, xrefs: 21FFE717
no more rows available, xrefs: 21FFE79C
d, xrefs: 21FFE71D
abort due to ROLLBACK, xrefs: 21FFE795
unknown error, xrefs: 21FFE76B

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %c%04d-%02d-%02d %02d:%02d:%06.3f$abort due to ROLLBACK$another row available$d$no more rows available$unknown error
API String ID: 0-322231948
Opcode ID: bdd6b78dca15637ad2df60574ffcd2376bc48917c24f6e3553292c25739cc3e5
Instruction ID: 73b337be4a5547bcf600a43fcca0c540ec7ec52ef1a04d88bbcff2e8775430e7
Opcode Fuzzy Hash: bdd6b78dca15637ad2df60574ffcd2376bc48917c24f6e3553292c25739cc3e5
Instruction Fuzzy Hash: 02E1D5715083409FE700CF24C884B5BBBE6AF85304F65492DF9A9972A2F7B6D505CB93

Function 220028E5 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 346COMMON

Download Yara Rule

Strings

INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 220029F1
malformed inverted index for FTS5 table %s.%s, xrefs: 22002A8A
unable to validate the inverted index for FTS5 table %s.%s: %s, xrefs: 22002AA0

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS5 table %s.%s$unable to validate the inverted index for FTS5 table %s.%s: %s
API String ID: 0-3572959941
Opcode ID: 4438ec5e0fadb27afbb04e63c9a8b1bbe322beecf43d241d2e321b9b43fdc15f
Instruction ID: 79f9e932204044ce1a12321251cf608f0b60a222121e814cd0d16a274498986e
Opcode Fuzzy Hash: 4438ec5e0fadb27afbb04e63c9a8b1bbe322beecf43d241d2e321b9b43fdc15f
Instruction Fuzzy Hash: 1C411572541311AFF3118B25DC8CEA777A8EF48355F040A29FD4582106DFBA9754CBA2

Function 220200A0 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 334COMMON

Download Yara Rule

Strings

database corruption, xrefs: 2202010E, 22020266, 22020411, 2202043C
%s at line %d of [%.10s], xrefs: 22020113, 2202026B, 22020416, 22020441
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22020104, 2202025C, 22020407, 22020432

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 4d2bfa1b3671684bb87a0092edb64610155ec661fa97c75826deda463fe0dbef
Instruction ID: 972b8018d288d01774e24870f3c5c4a8410f4b0b1f612e9a7140544d76a182dc
Opcode Fuzzy Hash: 4d2bfa1b3671684bb87a0092edb64610155ec661fa97c75826deda463fe0dbef
Instruction Fuzzy Hash: 04B13A72A083515FC305CF19C8C096BFBE1EF94205F4846BEF5999B346D23AD649CBA2

Function 2202CEA0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 286COMMON

Download Yara Rule

Strings

database corruption, xrefs: 2202CF52, 2202CF82, 2202D0A2, 2202D12B
%s at line %d of [%.10s], xrefs: 2202CF57, 2202CF87, 2202D0A7, 2202D130
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2202CF48, 2202CF78, 2202D098, 2202D121

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 3736445a97b31fdd63a6a46cac16dc93914f98fc872a1b6d52d21a35908d209d
Instruction ID: 5a6b668cee2cc2ea8098524443bffc8c915087392b65d29876ad10bcb8da35a9
Opcode Fuzzy Hash: 3736445a97b31fdd63a6a46cac16dc93914f98fc872a1b6d52d21a35908d209d
Instruction Fuzzy Hash: B4915A317483956FC304DE2998909BABFE0EBA5215F8842BFF8D487742D129C609D7A2

Function 21FE9700 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

(FK), xrefs: 21FE98D3

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: (FK)
API String ID: 0-1642768157
Opcode ID: 92ac2565fb4de346b5e298d826512561766591f09986b0e004c4ce075e48be47
Instruction ID: 5e8534ed26d2568e870b936db26a3f94063449e11ecb965c9c36b14fe733a641
Opcode Fuzzy Hash: 92ac2565fb4de346b5e298d826512561766591f09986b0e004c4ce075e48be47
Instruction Fuzzy Hash: 8781E5B37053009FE7109F18EC40B6AB7A2FB85335F24076EE95A866A1E733D514D760

Function 22168D80 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 271COMMON

Download Yara Rule

Strings

%s-shm, xrefs: 22168DF2
readonly_shm, xrefs: 22168F52
winOpenShm, xrefs: 22168FB9

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s-shm$readonly_shm$winOpenShm
API String ID: 0-2815843928
Opcode ID: 707497627401d0ff054cc8320c1d2c76ae18bfe2b7443fcd67944a361322ea98
Instruction ID: c830390b2f1389d7a925ac11894bf3bd6e12dc9a6b91f8fb9215d200c12664cb
Opcode Fuzzy Hash: 707497627401d0ff054cc8320c1d2c76ae18bfe2b7443fcd67944a361322ea98
Instruction Fuzzy Hash: 1191B5B19807019FD7109F64CD48F7B77A8AF10304F450A69FD459724AEB7AEA28CF92

Function 21FFEB00 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 187COMMON

Download Yara Rule

Strings

%.*s%s, xrefs: 21FFEC88
database corruption, xrefs: 21FFECD5
%s at line %d of [%.10s], xrefs: 21FFECDA
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 21FFECCB

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %.*s%s$%s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-894757972
Opcode ID: 03a4495cb8154d1651a769591ded2e3c191740dedfd84b22bd581177f9d1b04f
Instruction ID: a18aab58ce91f2f7b18ea5ce4cff47681560aa76a0eaf802f9968370260e44b5
Opcode Fuzzy Hash: 03a4495cb8154d1651a769591ded2e3c191740dedfd84b22bd581177f9d1b04f
Instruction Fuzzy Hash: 78613371604305DFD715CF14C880B9BBBE2AF85300F16096CF9699B3A2E772EA05CB91

Function 21FF1120 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 169COMMON

Download Yara Rule

Strings

rbu_memory, xrefs: 21FF11F5
main, xrefs: 21FF11A6
XD!", xrefs: 21FF1253

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: XD!"$main$rbu_memory
API String ID: 0-1406966062
Opcode ID: 2245d96744e43030d5141e5d7f7af0908456a0b7311ab39c574f4973253edc13
Instruction ID: cace6c113e27258d45a96ad3248d0c47a2e064f08ee87f6befcb74512e35f79d
Opcode Fuzzy Hash: 2245d96744e43030d5141e5d7f7af0908456a0b7311ab39c574f4973253edc13
Instruction Fuzzy Hash: 4E5101B6608301EFE7008FA5D884F17B7EAAB46310F00452DED15C72A2EBB7E905CB91

Function 22089030 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 169COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22089059, 2208918C, 220891C3, 220891EE
%s at line %d of [%.10s], xrefs: 2208905E, 22089191, 220891C8, 220891F3
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2208904F, 22089182, 220891B9, 220891E4

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 6793af276dd2302af7ed21faaab6af9d0888897725783f00fe014b6b6e685001
Instruction ID: 68f73c4a6f5f9e5896f651968d4ada3cb9d9877f765341cfb57cebd9bd9a3c7d
Opcode Fuzzy Hash: 6793af276dd2302af7ed21faaab6af9d0888897725783f00fe014b6b6e685001
Instruction Fuzzy Hash: A9515571B08304AFC311EA18CD88F7BB7E1EB84315F954869F49AC7742D326E685DB62

Function 21FFF330 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 126COMMON

Download Yara Rule

Strings

INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 21FFF33F
unable to validate the inverted index for FTS%d table %s.%s: %s, xrefs: 21FFF418
malformed inverted index for FTS%d table %s.%s, xrefs: 21FFF3F3

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS%d table %s.%s$unable to validate the inverted index for FTS%d table %s.%s: %s
API String ID: 0-2809892521
Opcode ID: 70fe9f2b5895ef3eb94ef1cdd155dc80dbede9211d4252c59a8460fd2b9eb1f3
Instruction ID: be60b9fadbc3fd676ee4cf9e5b5e64d92de9c2fee49ac5b7198fb026305eed21
Opcode Fuzzy Hash: 70fe9f2b5895ef3eb94ef1cdd155dc80dbede9211d4252c59a8460fd2b9eb1f3
Instruction Fuzzy Hash: 514114B2941211EFF300DB24DC4CE5B3BA9EF41251F050A29FD12C215AEBBB9654CBA2

Function 22006E30 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 30COMMON

Download Yara Rule

Strings

misuse, xrefs: 22006E62
invalid, xrefs: 22006E47
API call with %s database connection pointer, xrefs: 22006E4C
%s at line %d of [%.10s], xrefs: 22006E67
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22006E58

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
API String ID: 0-3670841456
Opcode ID: 8ee531a1246912f2919273428b8ed071d9a6620d897c955c18852350688bfe43
Instruction ID: 094c938645e3dc16e9cd9aa15696947c2844f6f7b945fe0c448a70d0fe2d5360
Opcode Fuzzy Hash: 8ee531a1246912f2919273428b8ed071d9a6620d897c955c18852350688bfe43
Instruction Fuzzy Hash: B9F0A724784798AEFB1A5294CEC1FB53BD71B50709F950068E3755E19EC21AC6436241

Function 22006EB0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 29COMMON

Download Yara Rule

Strings

misuse, xrefs: 22006EE5
invalid, xrefs: 22006ECA
API call with %s database connection pointer, xrefs: 22006ECF
%s at line %d of [%.10s], xrefs: 22006EEA
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22006EDB

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
API String ID: 0-3670841456
Opcode ID: b37507ce2ada8c173d5c192c3ddaf2fa6d04f42e418dc16af5f776ce3f515cdf
Instruction ID: 2bc5aa8e64443a80bb6e1906f4d18a0242c1489098028de8aee5df4d873670ec
Opcode Fuzzy Hash: b37507ce2ada8c173d5c192c3ddaf2fa6d04f42e418dc16af5f776ce3f515cdf
Instruction Fuzzy Hash: E0F0ED20784B98AFFB1642A0CEA0FB63BC71B90706F8240B4F3345E1EBE658C7406200

Function 21FF30F0 Relevance: 12.2, APIs: 8, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94f47012d8f9f828491d3ba5691616ea5c0f1ebc47fb1d37974eb8cf2f428fe4
Instruction ID: bf26f34b54b5c6050865a50a1ade5333d142196ac3728220b6e82300f57fcc21
Opcode Fuzzy Hash: 94f47012d8f9f828491d3ba5691616ea5c0f1ebc47fb1d37974eb8cf2f428fe4
Instruction Fuzzy Hash: 10516476608201BFD741EB64FC44EAB7BE2AF85320F0945A8F158871B2E336DD51DB51

Function 21FEE260 Relevance: 10.8, APIs: 7, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f28359ab390e12fef2ae9b4fd124fc42f15977dac4aec0945df2020490b55547
Instruction ID: 7d9df6cfc49d18037686b87a3c0fc7557545b5d26da4b768516c093b9a111745
Opcode Fuzzy Hash: f28359ab390e12fef2ae9b4fd124fc42f15977dac4aec0945df2020490b55547
Instruction Fuzzy Hash: 65A10772A043419FD705CF28D854A5ABBE3AF86314F28096DE9B8D7253F333D9458B52

Function 220EF0E0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 216COMMON

Download Yara Rule

Strings

misuse, xrefs: 220EF1E6, 220EF327
%s at line %d of [%.10s], xrefs: 220EF1EB, 220EF32C
unable to delete/modify user-function due to active statements, xrefs: 220EF157, 220EF298
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220EF1DC, 220EF31D

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
API String ID: 0-3864549341
Opcode ID: 8038cfe5b61b0d1572b0e7364207c2ddf1a83ea9ed68235f8ca44bc39b873f50
Instruction ID: ac92d461776df5d1e7e319c7b442488ca874b57b079dd4ba5b957a39b0093cb7
Opcode Fuzzy Hash: 8038cfe5b61b0d1572b0e7364207c2ddf1a83ea9ed68235f8ca44bc39b873f50
Instruction Fuzzy Hash: A66137B1640B056FE3128F20CD89F9777D5AF51308F044238E92E5A682EFA9E69097E5

Function 220744F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 208COMMON

Download Yara Rule

Strings

row, xrefs: 220746A1
fts5vocab: unknown table type: %Q, xrefs: 220746DE
instance, xrefs: 220746BF
col, xrefs: 22074679

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: col$fts5vocab: unknown table type: %Q$instance$row
API String ID: 0-195232091
Opcode ID: 9558605ce18a31b12ef808e76157a5e2160a94ccac9f41592846c78d91bf5807
Instruction ID: 29aaaaf9d5706dfacfc5a06a17d9cd4418ea047e5dfd1912bd2bdba2029d8686
Opcode Fuzzy Hash: 9558605ce18a31b12ef808e76157a5e2160a94ccac9f41592846c78d91bf5807
Instruction Fuzzy Hash: F3612C71D817618FD7069F249D88E4B37F4AB50309F400A34ED059720AEB7A9A18DB9B

Function 220009C2 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

cannot UPDATE a subset of columns on fts5 contentless-delete table: %s, xrefs: 22000B3B

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: cannot UPDATE a subset of columns on fts5 contentless-delete table: %s
API String ID: 0-2869280805
Opcode ID: 1ff883d291ed88a20b23dff7a49c0360058fb321a58ee157e53de220ea715511
Instruction ID: 502c62b7296c2420bd0021473c83e3ad350269facde0729105887fb12b13ddb1
Opcode Fuzzy Hash: 1ff883d291ed88a20b23dff7a49c0360058fb321a58ee157e53de220ea715511
Instruction Fuzzy Hash: DA41F0B6701301AFE7019F59EC80E66F3E6FF85325B040ABAE61487611E732EA14D7A1

Function 21FE8C40 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 156COMMON

Download Yara Rule

Strings

winAccess, xrefs: 21FE8D60
delayed %dms for lock/sharing conflict at line %d, xrefs: 21FE8D35

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 0-1873940834
Opcode ID: 2e8e5f94fce6b888f9c32bf0c30fa7fe83bc184d89811194eadc565832debc65
Instruction ID: 36cfc3b0b8932ea3e9bf67ef1a28d29926f2688ad46eab217f3a86fa57e4c83b
Opcode Fuzzy Hash: 2e8e5f94fce6b888f9c32bf0c30fa7fe83bc184d89811194eadc565832debc65
Instruction Fuzzy Hash: A2413C72905301EFD315FF288899A5EFBE3ABA6310F850A3DF979522D1D633D5448682

Function 2210E5B0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 147COMMON

Download Yara Rule

Strings

database corruption, xrefs: 2210E675
tVj, xrefs: 2210E6F7
%s at line %d of [%.10s], xrefs: 2210E67A
d., xrefs: 2210E6E7
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2210E66B

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$tVj$d.
API String ID: 0-1527448856
Opcode ID: 48012763e65b2a84371a3c248a38ed7ca1856a26e5962ba03b27623c301198b3
Instruction ID: e863bbbbd42ebb0495e2920c53e482dc38bab246c3a4af0e66a906cb340bae82
Opcode Fuzzy Hash: 48012763e65b2a84371a3c248a38ed7ca1856a26e5962ba03b27623c301198b3
Instruction Fuzzy Hash: BE413472590300AED7519FA2E980FABB7E4AF50348F044479ED4996513E732E746CBE2

Function 220F9350 Relevance: 10.6, APIs: 7, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 129b38e419e2bfd0dd464e90c83f3c802788a588596a12999cdaae508e3572d1
Instruction ID: 1147f2331e0eea55d9e4eb22b42d23e4454909393ddca574bc15d045a597f3c4
Opcode Fuzzy Hash: 129b38e419e2bfd0dd464e90c83f3c802788a588596a12999cdaae508e3572d1
Instruction Fuzzy Hash: D35160718802109FE7165B34DA8CE2737B9AF20349B040B24FD068211EDFBBE554EF66

Function 2205C650 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

PRAGMA %Q.data_version, xrefs: 2205C67C

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: PRAGMA %Q.data_version
API String ID: 0-2870853266
Opcode ID: 07df4497b18d608fd3e20c6751fcf4946d21561931e0d1cd39d4b5a8b0f01001
Instruction ID: d194e05e7b02ebd32fe5d223e0bcb70fd44358d634611ee14aa5443a92c9d90b
Opcode Fuzzy Hash: 07df4497b18d608fd3e20c6751fcf4946d21561931e0d1cd39d4b5a8b0f01001
Instruction Fuzzy Hash: 7611C3B6B003058FD701EE29FC41696F7D5FF98322F54453AE90492601EB37A92D9BB2

Function 221B05B4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,?,?,?,92ECC20E,?,221B06F5,?,?), ref: 221B0675

Strings

api-ms-, xrefs: 221B060B
ext-ms-, xrefs: 221B061F

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: f4cb17542cc35094520a487ca097711551f3c4145706164b5a42c413cab48494
Instruction ID: 5427e5b6a653122f4f429b252988000d2bd1faf2b424e3ca12dc5deaecc4b46e
Opcode Fuzzy Hash: f4cb17542cc35094520a487ca097711551f3c4145706164b5a42c413cab48494
Instruction Fuzzy Hash: 3F21AB31A8132197D7119B75CD84FDA7779BF82770F150620ED15A7286DA35EF00CAD4

Function 2210C6F0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 70COMMON

Download Yara Rule

Strings

a CHECK constraint, xrefs: 2210C714, 2210C72B
a generated column, xrefs: 2210C722
F9", xrefs: 2210C6F1, 2210C74E
an index, xrefs: 2210C71D
non-deterministic use of %s() in %s, xrefs: 2210C732

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: F9"$a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
API String ID: 0-2479470916
Opcode ID: 81c4a84a7540b158570fdea473ef579a3e74b3ce83e360acac7d65e26d29c973
Instruction ID: 5e423048d88a1452e4fdad4c4e073d106a95a75f8e73e0a87ff6cc7ef13fe5f4
Opcode Fuzzy Hash: 81c4a84a7540b158570fdea473ef579a3e74b3ce83e360acac7d65e26d29c973
Instruction Fuzzy Hash: 952135B06802219FE7009F28DD88F9637A5BF01364F040724FD15D229ADB76E795CF92

Function 220831F0 Relevance: 9.5, APIs: 6, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c0b2b6bff1597964e7f1b32ad93e6706b7cfc401fb92a0994ad62a198830b8e
Instruction ID: 02ddda60dc56fb46c7efa8c8edf8bfdafefbe7c307d469d00f3dcd9ab150bdc7
Opcode Fuzzy Hash: 5c0b2b6bff1597964e7f1b32ad93e6706b7cfc401fb92a0994ad62a198830b8e
Instruction Fuzzy Hash: EEF1C071A043419FD7068F28D580B6BBBE0AFC4328F044679E9999B242D736EA45DB93

Function 22004E00 Relevance: 9.2, APIs: 6, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6a6d780f9d8805a1bc640c4b8dd0e9ce3fd28f84430f1f9743d2d7cc7f0955b
Instruction ID: 39fa6f4959bcd528062ae6ee95c03f8c12a3a8b7a9b2e876bea2e2214fefbb21
Opcode Fuzzy Hash: f6a6d780f9d8805a1bc640c4b8dd0e9ce3fd28f84430f1f9743d2d7cc7f0955b
Instruction Fuzzy Hash: 6281AC715443109BF701DF18D948B2B7BE4FB40319F440A28FE4497256EB7AEA08DBA7

Function 21FF6DA0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 364COMMON

Download Yara Rule

Strings

recursively defined fts5 content table, xrefs: 21FF6DE2

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: recursively defined fts5 content table
API String ID: 0-437020801
Opcode ID: 0bd7e5a1b498ad1f4777968c1a2405eda8672b9e3704e75949e75fad1b044434
Instruction ID: e426de9a7b23a43c01337e1b8136f1742cd24eeb3ae6a3df1676919814daf14a
Opcode Fuzzy Hash: 0bd7e5a1b498ad1f4777968c1a2405eda8672b9e3704e75949e75fad1b044434
Instruction Fuzzy Hash: 7CD1F175504300DFD705CF19C480B57BBE2FF89324F440A9EE8A98B2A2D7B6D586CB92

Function 22076180 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 335COMMON

Download Yara Rule

Strings

fts5: syntax error near "%.*s", xrefs: 22076436
expected integer, got "%.*s", xrefs: 2207648D
fts5 expression tree is too large (maximum depth %d), xrefs: 22076349
NEAR, xrefs: 2207642A

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: NEAR$expected integer, got "%.*s"$fts5 expression tree is too large (maximum depth %d)$fts5: syntax error near "%.*s"
API String ID: 0-2846580575
Opcode ID: c405c60ac479eaab4e19c67afdc94f6d423472ddbe39c4c51d850edfe27e5c95
Instruction ID: 2302b6cb4fada314e2788e20ac236227bdd385bc4ba582cd590fc85d23d26d92
Opcode Fuzzy Hash: c405c60ac479eaab4e19c67afdc94f6d423472ddbe39c4c51d850edfe27e5c95
Instruction Fuzzy Hash: 80C1AFB5944306AFD7128FA0C980F1AF7F8FF18314F044A69E9569B242E771E560EBA4

Function 2200C0F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 276COMMON

Download Yara Rule

Strings

database corruption, xrefs: 2200C11F, 2200C16A
%s at line %d of [%.10s], xrefs: 2200C124, 2200C16F
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2200C115, 2200C160

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: f74cdf7a6c82f2c711f348e89e697884668a61dce1830c566ba943262334f725
Instruction ID: 08fd4dc7eccbbf4a3699f153c89e6da60e427f26338da09b5a12755fece832b7
Opcode Fuzzy Hash: f74cdf7a6c82f2c711f348e89e697884668a61dce1830c566ba943262334f725
Instruction Fuzzy Hash: FDA1BE766043019FE704DF28D980A6ABBE1FFD8314F48496DF9489B315E731EA09DB92

Function 22010F60 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 264COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22011282
D$!", xrefs: 22011154, 22011198, 220111C3, 220111DB
%s at line %d of [%.10s], xrefs: 22011287
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2201126C, 22011278

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$D$!"$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-3874607862
Opcode ID: 06f7a45f1d14a048a654f32ea3e01f9fd15d81064a49e6acf5ae488a0b498088
Instruction ID: 21d50bf9cb00e2f4d5b046132bdbf02d7ed8f0f89b18b0e0e78d38e696151fb1
Opcode Fuzzy Hash: 06f7a45f1d14a048a654f32ea3e01f9fd15d81064a49e6acf5ae488a0b498088
Instruction Fuzzy Hash: 6CA1D2B09407418FD70ACF24C988F27B7E5AF50308F44092DED569B226EB76EA54DB92

Function 2207E4B0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 218COMMON

Download Yara Rule

Strings

database corruption, xrefs: 2207E589, 2207E5BC
%s at line %d of [%.10s], xrefs: 2207E58E, 2207E5C1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2207E57F, 2207E5B2

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 9e9b74d0c2effc640cf8c1bb032e360ef5d4d6b35dc670facd55a424a868a38c
Instruction ID: 40c077dbf14fd0e20361e495cdb742e6304cfac089e27243c1786f84f01c4685
Opcode Fuzzy Hash: 9e9b74d0c2effc640cf8c1bb032e360ef5d4d6b35dc670facd55a424a868a38c
Instruction Fuzzy Hash: 7F7123716043456FC301CF29DD80A6ABBF4FF50215F44457EFA98C7642E324EA68D7A2

Function 22010970 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 207COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22010A9B, 22010B7D
%s at line %d of [%.10s], xrefs: 22010AA0, 22010B82
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22010A91, 22010B73

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 08ea3cce6f090266e301bd23221043c12b63a270b3a1a15c7619a25ac4ff544c
Instruction ID: 362de234082c07b0bbcf99c70e73a6d756d227729b656d8961aca942ba40499c
Opcode Fuzzy Hash: 08ea3cce6f090266e301bd23221043c12b63a270b3a1a15c7619a25ac4ff544c
Instruction Fuzzy Hash: 0A61EFB17003008FCB05DF28D980E5ABBE6FB88714F4605A9FC89AB356E771D944DB91

Function 220DABF0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 204COMMON

Download Yara Rule

Strings

misuse, xrefs: 220DAE18
%s at line %d of [%.10s], xrefs: 220DAE1D
unable to delete/modify user-function due to active statements, xrefs: 220DAD61
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220DAE0E

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
API String ID: 0-3864549341
Opcode ID: d9547fa232bba5e27f8f98b0a960bcea71510394347393d0dd211eaf5bbbd3a3
Instruction ID: e46e293b9491f42a0d9887806b4e788f1f63900853ac281a038bde6ee41561ec
Opcode Fuzzy Hash: d9547fa232bba5e27f8f98b0a960bcea71510394347393d0dd211eaf5bbbd3a3
Instruction Fuzzy Hash: 2751F073206300AFD7118E26DD80B2FB7F4EF89359F04492DF68686251E73AD900EB62

Function 21FDA230 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 201COMMON

Download Yara Rule

Strings

misuse, xrefs: 21FDA469, 21FDA4A7
%s at line %d of [%.10s], xrefs: 21FDA46E, 21FDA4AC
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 21FDA45F, 21FDA49D

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 5127930689ff2c0e3592234315135f98d0f22755de21b2b14847ac25f0a59514
Instruction ID: 7b2f32f3ed07333d06cdc622af3f83978904ca95dc77c31034934467d3024521
Opcode Fuzzy Hash: 5127930689ff2c0e3592234315135f98d0f22755de21b2b14847ac25f0a59514
Instruction Fuzzy Hash: BA715972601740EFE711CF24C844FAB7BE6AF96304F08452CE96987242EB77E545C796

Function 21FEA860 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

bytecode, xrefs: 21FEA96E
stmt-pointer, xrefs: 21FEA928
argument to %s() is not a valid SQL statement, xrefs: 21FEA97C
tables_used, xrefs: 21FEA973, 21FEA97B

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: argument to %s() is not a valid SQL statement$bytecode$stmt-pointer$tables_used
API String ID: 0-361449301
Opcode ID: 2f1299dedf73ed2e4c247ae0c04d83ff4e211239c74d16dd5b16a012e16e6067
Instruction ID: 2c2a03cb5ec0ab6b5c165cec040711c0ff037b937067d6b392c423006495b91e
Opcode Fuzzy Hash: 2f1299dedf73ed2e4c247ae0c04d83ff4e211239c74d16dd5b16a012e16e6067
Instruction Fuzzy Hash: 8161B376500701EFE7118F24C989B5777E6EF45304F010A2DE9AA87242E777E658CBA1

Function 21FD2AF4 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,222194C2,00000104), ref: 221CEFDB

Strings

..., xrefs: 221CF029
Microsoft Visual C++ Runtime Library, xrefs: 221CF070
<program name unknown>, xrefs: 221CEFEA
Runtime Error!Program: , xrefs: 221CEFA7

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: f349c4808c690e9a91c8ab7a571e1b7847cee6c45ec85b779d16e827565f83ae
Instruction ID: f5f7964a44ca157e6675527fb75027029d51daa2103fd28e3e22a96ae21ae724
Opcode Fuzzy Hash: f349c4808c690e9a91c8ab7a571e1b7847cee6c45ec85b779d16e827565f83ae
Instruction Fuzzy Hash: C0214F77AC03067AE73456604D45FEB77DE9BB5794F080426FC18A214AFE17C725C292

Function 220023D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 150COMMON

Download Yara Rule

Strings

database %s is locked, xrefs: 22002541
no such database: %s, xrefs: 220024B4
main, xrefs: 22002491
cannot detach database %s, xrefs: 220024C3, 22002547

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: cannot detach database %s$database %s is locked$main$no such database: %s
API String ID: 0-3838832555
Opcode ID: 4bf7d07dc91fe903af36bd329c801e3c1a248d81758d3df40279dc671f2ec072
Instruction ID: 42aa9eacccbe09bd7ecff9d5c6ce07e303a8b358315dbce4350227806bba9e71
Opcode Fuzzy Hash: 4bf7d07dc91fe903af36bd329c801e3c1a248d81758d3df40279dc671f2ec072
Instruction Fuzzy Hash: D15103B16043009FF714CF14C990F2AB7E5BF88318F11456DE8594B392DB71EA41DBA2

Function 22004C00 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

temp, xrefs: 22004C3E
invalid arguments to fts4aux constructor, xrefs: 22004C9E
CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN), xrefs: 22004CCB

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN)$invalid arguments to fts4aux constructor$temp
API String ID: 0-537686372
Opcode ID: 366909657631e040d9bd1a0cc207582be194a64a70aba4bcaeceed7857ec7dfe
Instruction ID: a37b98f6ad5a49e0cc98c958fdf808368008e6650dae0f5d39f76d11bbf51de9
Opcode Fuzzy Hash: 366909657631e040d9bd1a0cc207582be194a64a70aba4bcaeceed7857ec7dfe
Instruction Fuzzy Hash: DA4126761003019FE7168F58D980EA67BF1EF55324F1944BDFDA98B206D632DB02AB70

Function 2201F490 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

unable to delete/modify collation sequence due to active statements, xrefs: 2201F533
misuse, xrefs: 2201F4BA
%s at line %d of [%.10s], xrefs: 2201F4BF
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2201F4B0

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 0-3348720253
Opcode ID: 8094378060d051a64b5a7a65bf7e9f293e365d5c6fe517200f692b3a879f424e
Instruction ID: 21836f372009a41b504db2b9d2b2fb7a82647dc5992d4898c191364450a39116
Opcode Fuzzy Hash: 8094378060d051a64b5a7a65bf7e9f293e365d5c6fe517200f692b3a879f424e
Instruction Fuzzy Hash: 6E4139722043009FD7118F28EC84B6AF7E4EF81329F14457EF6559B282EB72E615EB61

Function 2200E030 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 127COMMON

Download Yara Rule

Strings

database corruption, xrefs: 2200E0F2, 2200E128
%s at line %d of [%.10s], xrefs: 2200E0F7, 2200E12D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2200E0E8, 2200E11E

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 0dfb348559863d2d169923d9f22c6a05904e1e9a6e67130b60d94e81e17700f4
Instruction ID: b051904b1e1bd8ca76bab3d554ab2868ee2ea4ac38b25e77cde218cf9d589b8d
Opcode Fuzzy Hash: 0dfb348559863d2d169923d9f22c6a05904e1e9a6e67130b60d94e81e17700f4
Instruction Fuzzy Hash: F74146717043015BF305DE29DDC0BAABBE0EB90615F84453DF9A592782E324EB5CE762

Function 21FEC2B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

%!.*f, xrefs: 21FEC3AE

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %!.*f
API String ID: 0-786758813
Opcode ID: 85e78d7933f70a1461be903667e9313eb0ff48873b97491ce3cce73ceac07566
Instruction ID: 92eff5b86f24eca3c3019b526c6e2de282f0b495b0d55267f8a4ff1ff8afa6d7
Opcode Fuzzy Hash: 85e78d7933f70a1461be903667e9313eb0ff48873b97491ce3cce73ceac07566
Instruction Fuzzy Hash: D3316B72804F199ED3079A388806A6B77966F93381F054769FCBD7A002E7379A5682D2

Function 220AEBD0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 103COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220AEC4C
CREATE , xrefs: 220AEBFF
%s at line %d of [%.10s], xrefs: 220AEC51
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220AEC42

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$CREATE $database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-1360532505
Opcode ID: 9246671de2d7c4fbf3f7af0e387c8effd13c8357a2938177fdf874ec2147fb6b
Instruction ID: 5f3f9d5d55240e746f51b780e18dab6525cf4b909e07fbeef5fb52dfadc5a7a0
Opcode Fuzzy Hash: 9246671de2d7c4fbf3f7af0e387c8effd13c8357a2938177fdf874ec2147fb6b
Instruction Fuzzy Hash: B2318EA25043C19DE7130BA99D50FA27FE1AF5525DF5400BBFAD54E147E3268381E731

Function 22007050 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 98COMMON

Download Yara Rule

Strings

invalid, xrefs: 2200706F
API call with %s database connection pointer, xrefs: 22007074
bad parameter or other API misuse, xrefs: 22007083
out of memory, xrefs: 22007059, 220070A2

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: API call with %s database connection pointer$bad parameter or other API misuse$invalid$out of memory
API String ID: 0-453588374
Opcode ID: b53be90a6ce5e6bacc229a2c682ddfdf96f151c7932ecb25193f4fcb6d61e2ce
Instruction ID: 22d90c2dbd5f253cb48dedc53d596109aff71c7fe74c07c89abdcc4610d695bb
Opcode Fuzzy Hash: b53be90a6ce5e6bacc229a2c682ddfdf96f151c7932ecb25193f4fcb6d61e2ce
Instruction Fuzzy Hash: 9D315BA164070097F72647289D0AFDB33E65B80304F294639E4559729BD62DFF47A392

Function 220893A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 93COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22089450, 22089494
%s at line %d of [%.10s], xrefs: 22089455, 22089499
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22089446, 2208948A

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 4e9d4a5a700dcbeeffdeb17761a1672fb00320bb5208f10379982d182c61bf00
Instruction ID: 22c9ba0c4abb7cd7278c80e8141a974242d75e8a8610bb8a81aa1c3ceb4b5d48
Opcode Fuzzy Hash: 4e9d4a5a700dcbeeffdeb17761a1672fb00320bb5208f10379982d182c61bf00
Instruction Fuzzy Hash: 5B317A35B40B545BD325EF28C8C0EB3BBF29F95305B54806CEAD24B74AE322E941D750

Function 22014F40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 91COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22014F6C, 22014FFD
%s at line %d of [%.10s], xrefs: 22014F71, 22015002
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22014F62, 22014FF3

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 2122778efc60dddd5b80c0a335c90aa8ecb82e1cfee6b936148e63193c813dab
Instruction ID: b534ea79cf57d35b7eb0792d552031aa9bf91ef00557da943f078adf94964138
Opcode Fuzzy Hash: 2122778efc60dddd5b80c0a335c90aa8ecb82e1cfee6b936148e63193c813dab
Instruction Fuzzy Hash: 733125762007426BD302DB29DD80BA5BBE0FF55315F094266F468CBA82E325EA60D7A0

Function 22089290 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220892A6, 22089334
%s at line %d of [%.10s], xrefs: 220892AB, 22089339
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2208929C, 2208932A

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: e54c0fdd8f90bb4dc781f5092e4629a14fa307b61922f9052dfe460c718fb7a8
Instruction ID: 481dbc3a6639b1e43d8694c4da24ef71022e7a013bc89fa343017474bf55b557
Opcode Fuzzy Hash: e54c0fdd8f90bb4dc781f5092e4629a14fa307b61922f9052dfe460c718fb7a8
Instruction Fuzzy Hash: C7216E21644B905AD332DF3889C0EA3BFF59F25300B45445CE6E68775AE232E641C751

Function 21FF33C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN), xrefs: 21FF33D6

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN)
API String ID: 0-1935849370
Opcode ID: d5078383f1001152b9c94ab5340fdc1e7bcaff93c028f5251e2394fda20fdf59
Instruction ID: a7246c5319c41f7a9fe78292f693920873a18a721250f9b55a2e0a2d2b66b858
Opcode Fuzzy Hash: d5078383f1001152b9c94ab5340fdc1e7bcaff93c028f5251e2394fda20fdf59
Instruction Fuzzy Hash: 5701D2797002139ED302DF19E800B8BB3D6EFC5311F098166F6148B280EBB5A5878BA1

Function 220F6A20 Relevance: 8.0, APIs: 5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38c78588cc017b9c8806a7ee3f8e0b92d8032d0e6965f33b5faef9c945162fec
Instruction ID: 021eaac8c500402a5b7afca21f7039258dc4c3098eddc0293979f936b8226315
Opcode Fuzzy Hash: 38c78588cc017b9c8806a7ee3f8e0b92d8032d0e6965f33b5faef9c945162fec
Instruction Fuzzy Hash: 8D029DB19843058FD301DFA5C988B1AB7E4BF54304F044A2DFD5487256EFBAEA48DB92

Function 2205AF80 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6112f6702daa3382ab7acdbe23807600ee3b3c9ebafa12538b9096e60f0dcffe
Instruction ID: 3a9c66807adf7ea7db63541693513859121b5e8e591754805a9b7c2a0b494eb6
Opcode Fuzzy Hash: 6112f6702daa3382ab7acdbe23807600ee3b3c9ebafa12538b9096e60f0dcffe
Instruction Fuzzy Hash: E3A16FB19416219BD7019F25CA8CE1B33A8BF10349F040B24FD059221EDF7AE664DFA6

Function 220F73C0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

fts5: syntax error near "%.*s", xrefs: 220F751C

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: fts5: syntax error near "%.*s"
API String ID: 0-498961494
Opcode ID: 2313a9b1365368e5f4bc4b2ee0b972a36c420c6b4c9983d023356cc446c6cb17
Instruction ID: 29ff41586b869f4ddcbe5949281a0138de5cd3aec6270bc27f5f0710c17079ef
Opcode Fuzzy Hash: 2313a9b1365368e5f4bc4b2ee0b972a36c420c6b4c9983d023356cc446c6cb17
Instruction Fuzzy Hash: AEB1AEB08843418FD311CF24C984B9BBBE4AF54348F444A2DF98587262EBB5F685DB97

Function 21FF82E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

[%d], xrefs: 21FF84C7

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: [%d]
API String ID: 0-394612830
Opcode ID: 1f13c367f3377999062a92888fbcf734b86e6dc881191b8c7eaef6af08a76495
Instruction ID: 46837574894692169d12ed6becb94206fdc7f5c6b49e263986248b5e0d1d037c
Opcode Fuzzy Hash: 1f13c367f3377999062a92888fbcf734b86e6dc881191b8c7eaef6af08a76495
Instruction Fuzzy Hash: FD710AB1504301AFEB20CF20DC84FA7B7EEAFC5714F58492DE5A5821D1E376E9098762

Function 220D6180 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 216COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220D6391
%s at line %d of [%.10s], xrefs: 220D6396
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220D6387

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 7d6ace54ad381707ee9def44dae45839abd231fb3b9bec6b1be347e4512d2fdb
Instruction ID: d507ede8a3803c3bd8dba452bf415a7c25336e140f5a8a24dcd6c3c4b79e93a1
Opcode Fuzzy Hash: 7d6ace54ad381707ee9def44dae45839abd231fb3b9bec6b1be347e4512d2fdb
Instruction Fuzzy Hash: 0E71F373A093008BDB01DFA4E9C1BAE7BE0FF58324F950969E895CB242E335DA44D751

Function 220113A0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 214COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22011463
%s at line %d of [%.10s], xrefs: 22011468
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22011459

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 81cdd76ca536a0c1c38813b2c6adc3c8b4b6a954ad0aee1c62f8bf33f3112907
Instruction ID: d7ea3449944419b02076ef5b1b7ad7541269113aa5a359fe9a12a971533c2964
Opcode Fuzzy Hash: 81cdd76ca536a0c1c38813b2c6adc3c8b4b6a954ad0aee1c62f8bf33f3112907
Instruction Fuzzy Hash: AA7107B26043009FD709CF24C880F5BB7E5AF98714F154AA9F8999B252D731EE45CB91

Function 22180FC2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 22180FE7
CatchIt.LIBVCRUNTIME ref: 221810CD

Strings

MOC, xrefs: 22180FF9
RCC, xrefs: 22181001

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 22d08e019150cb3ac667ed6cf343aac21c8ae49d518d6248cc32f2f50ed98647
Instruction ID: 81ae77bf6c9170f47a8fe2edb9812a19553c7b2aad540a53f07cd746bf9e0d2c
Opcode Fuzzy Hash: 22d08e019150cb3ac667ed6cf343aac21c8ae49d518d6248cc32f2f50ed98647
Instruction Fuzzy Hash: B3412872940249AFDF06CF94CE80EEE7BB6FF48304F148199EA14B6261D6359A50DF52

Function 22013060 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 184COMMON

Download Yara Rule

Strings

database corruption, xrefs: 2201309C
%s at line %d of [%.10s], xrefs: 220130A1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22013092

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 7a39ff5f414c27d33c8872043e91c352ceb0da1b0cabd2f3d52abce6edff3a32
Instruction ID: daaaa7f967cf9142c5749dfdbe94e926b4cb8d8dd92e48d2aa1e66cbf480d0ad
Opcode Fuzzy Hash: 7a39ff5f414c27d33c8872043e91c352ceb0da1b0cabd2f3d52abce6edff3a32
Instruction Fuzzy Hash: 7F61C2B16043459FCB04DF68C880A6BBBF4BF98704F40496DF9998B342E735DA45CBA2

Function 21FE4CE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

temp, xrefs: 22073F91
wrong number of vtable arguments, xrefs: 22073FA9

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: temp$wrong number of vtable arguments
API String ID: 0-2849069181
Opcode ID: 122b4a307c6d727af6c48dbd8763ea78e0d4e1872df97bdccbe53215c5df3b6f
Instruction ID: e2b412d97ed930c9a13dbb1145182011c2f5dbbb96ab561b17fd4b70d33e1271
Opcode Fuzzy Hash: 122b4a307c6d727af6c48dbd8763ea78e0d4e1872df97bdccbe53215c5df3b6f
Instruction Fuzzy Hash: 0251E2B59043058FC715CF24D98096ABBF1FF89308F444A6DE59657302D332EA4ADF9A

Function 220AC640 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 150COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220AC7E7
%s at line %d of [%.10s], xrefs: 220AC7EC
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220AC785, 220AC791, 220AC7DD

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 3feb6987e37ccca1f61b736e92e3a564a60b68c0e3aab8ca8b3f06ba9ce8d7cc
Instruction ID: 69d66404495e36d4f260701d4cc00c087e0cedc1790d0e639a04f984e77dfbb5
Opcode Fuzzy Hash: 3feb6987e37ccca1f61b736e92e3a564a60b68c0e3aab8ca8b3f06ba9ce8d7cc
Instruction Fuzzy Hash: 6851C5756083819FC309CF68C4D096ABBF1FF99204F59499DE5969B302D331E946CBA2

Function 220896B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 136COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220897EA
%s at line %d of [%.10s], xrefs: 220897EF
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220897E0

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: eadfed1250a679adcb70f528156c8f91d2f44034b9f8a9e3849229fb95cba2d5
Instruction ID: ebe67bf796e5e06e62384e71eaa235a1e1b74f14c9f05073e74dfecac226e6db
Opcode Fuzzy Hash: eadfed1250a679adcb70f528156c8f91d2f44034b9f8a9e3849229fb95cba2d5
Instruction Fuzzy Hash: 62415776604B908ED3329F789444A97FFE0DF51225F0808BED2D68B752E222E481E362

Function 21FE0300 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128COMMON

Download Yara Rule

Strings

winWrite1, xrefs: 21FE045E
winWrite2, xrefs: 21FE043B
delayed %dms for lock/sharing conflict at line %d, xrefs: 21FE03FF

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
API String ID: 0-1808655853
Opcode ID: a4ad425020984be89d93281a924d58e733ab221b1814b8c5bd80f27795865a94
Instruction ID: c09d5d1d015d2f352bc830bcb300458156d31d601ccb0f3e7413b45c320d8dcf
Opcode Fuzzy Hash: a4ad425020984be89d93281a924d58e733ab221b1814b8c5bd80f27795865a94
Instruction Fuzzy Hash: 93412972700302EFD3449F18C88896FBBE5EB85310F910A2EFE29D6995D733D5458BA2

Function 220AD2E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 119COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220AD301
%s at line %d of [%.10s], xrefs: 220AD306
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220AD2F7

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 1dfb085d2680fb3494c6600789771b1920b6e2d658fda31cfcf1bef2111f4697
Instruction ID: 4370f27c6d576046968f7aae14864a4b3249c57a8bb1ca2ad322f3b7df63cd4c
Opcode Fuzzy Hash: 1dfb085d2680fb3494c6600789771b1920b6e2d658fda31cfcf1bef2111f4697
Instruction Fuzzy Hash: F33128B29043006FD712DB54CC40F5BB7E8EF84364F840939FA45A3222EB31EA41DB92

Function 22168850 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

os_win.c:%d: (%lu) %s(%s) - %s, xrefs: 221688E2
delayed %dms for lock/sharing conflict at line %d, xrefs: 2216895F

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$os_win.c:%d: (%lu) %s(%s) - %s
API String ID: 0-1037342196
Opcode ID: ecec243ec53c8bef8e1e6929a15ffb814aab5f4436f1d5c7f0a084a9401fd664
Instruction ID: 10664057def2bbe37c91d786b3694aa3cffbb3bc1917c3ced8c5b5ca9677e642
Opcode Fuzzy Hash: ecec243ec53c8bef8e1e6929a15ffb814aab5f4436f1d5c7f0a084a9401fd664
Instruction Fuzzy Hash: F3219B716483469FD3259B14CD84FFFBBD9AFD4304F890C2CE59886192C6368A588753

Function 22015390 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22015408
%s at line %d of [%.10s], xrefs: 2201540D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220153FE

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: a6f57322f54b09141912001ce69b416f5a31143ac34a2264ab6b9904d1a0acb0
Instruction ID: 1c4870dd72c9cbe69eebbd52c6a65715b3f9cd46c057915dcadafb770cef5745
Opcode Fuzzy Hash: a6f57322f54b09141912001ce69b416f5a31143ac34a2264ab6b9904d1a0acb0
Instruction Fuzzy Hash: E631AF2564075047D3228F3899807ABBFE09F5171BF44047EE9C5DF642E332E482E362

Function 22014130 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22014258
%s at line %d of [%.10s], xrefs: 2201425D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220141A3, 220141EE, 220141FE, 2201424E

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: abc60e3e1ebd01455380a2a5856516de3e7e15baa11745ea5e4edb5cb5d2310b
Instruction ID: b68894b3d4af00e263b0f5716252395218156ef3dd9fd852dc7620e308847aa8
Opcode Fuzzy Hash: abc60e3e1ebd01455380a2a5856516de3e7e15baa11745ea5e4edb5cb5d2310b
Instruction Fuzzy Hash: 1031C1327083A11AC318CA1D9C80DB5BBE1EBC1216B45877EFDE5AB2D6C23CD644D790

Function 22021420 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 106COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22021475
%s at line %d of [%.10s], xrefs: 2202147A
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2202146B

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 12123948e71356537d1526743ff724301a61a9305033edb6dc18e5d6827dc805
Instruction ID: d83bf2e98f735de6cad5cfecbec21976a97bdb39fafdfe0b1645c62ba289a549
Opcode Fuzzy Hash: 12123948e71356537d1526743ff724301a61a9305033edb6dc18e5d6827dc805
Instruction Fuzzy Hash: 0531D1B56053918FC311CF29D980D27FBF0EF95215B04869EE4968BA53D731E949CBA0

Function 22090010 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22090096
%s at line %d of [%.10s], xrefs: 2209009B
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2209008C, 220900C2, 220900FE

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 203a9d0b453e7fe9753111257f9b1158b8f59a4419eef80e0188d56e2af45e80
Instruction ID: 9f7332a209f43f3e2222fee5bc1316d6730dd54201b3787f72125ea13454ec70
Opcode Fuzzy Hash: 203a9d0b453e7fe9753111257f9b1158b8f59a4419eef80e0188d56e2af45e80
Instruction Fuzzy Hash: 103158303087919BC711CE288CC0C66FBE2EFC1715F048A6EE5E68B386C235D549EB62

Function 21FDF000 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

second argument to nth_value must be a positive integer, xrefs: 21FDF0C4

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: second argument to nth_value must be a positive integer
API String ID: 0-2620530100
Opcode ID: 286cd90eb2a5a503da90431927a03ddccbb54020986e18ba4a64bbccfb76e2de
Instruction ID: c82d94b406626bfc2c67b9eb01b0bb4f9f5838afcfc4ad4bee4bc27ebba2d926
Opcode Fuzzy Hash: 286cd90eb2a5a503da90431927a03ddccbb54020986e18ba4a64bbccfb76e2de
Instruction Fuzzy Hash: 12314BB3500312EBD7119F24DC40E3677E2BF12720F494528FC79A7181E723DA559692

Function 21FF05D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON

Download Yara Rule

Strings

rbu/zipvfs setup error, xrefs: 21FF061A
rbu(%s)/%z, xrefs: 21FF0697

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: rbu(%s)/%z$rbu/zipvfs setup error
API String ID: 0-199214844
Opcode ID: 0b7643ec883179e0a57b047d2bfb3404853bf379f508caac872f7e40e9b03a35
Instruction ID: 59c2bc2b79fc10701fb1a40acbbd5f1b81a0f61d9cb4d75f992e2d364465a859
Opcode Fuzzy Hash: 0b7643ec883179e0a57b047d2bfb3404853bf379f508caac872f7e40e9b03a35
Instruction Fuzzy Hash: C821E1B2600305AFD710CF19DC80A56B7E7EBD9720F25447EE96987652DB73E8048B92

Function 22015280 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220152FC
%s at line %d of [%.10s], xrefs: 22015301
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220152F2

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 2656b7276f74c23669172733f0230c86031500799b8bcfb46b655c2a0436c9a1
Instruction ID: a42e1a4fc761da39d2fae315b8317d20e7863579c9556f4fb239b3d02348a0f2
Opcode Fuzzy Hash: 2656b7276f74c23669172733f0230c86031500799b8bcfb46b655c2a0436c9a1
Instruction Fuzzy Hash: 2D1132736013006BCB115A59BC40CDBBFE5DFD52B6F090675FA085B222E222CA21A3A2

Function 22138490 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80COMMON

Download Yara Rule

Strings

database corruption, xrefs: 221384CB
%s at line %d of [%.10s], xrefs: 221384D0
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 221384C1

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: d560e0abe70091475d70bbba2c6b8a781293db4603e562794ae4d95cfa078bab
Instruction ID: f8a6a076da39f2cedb67d93fda9351d2bc74c355c15f569b48d174ec84c71cbf
Opcode Fuzzy Hash: d560e0abe70091475d70bbba2c6b8a781293db4603e562794ae4d95cfa078bab
Instruction Fuzzy Hash: 3621F576380B009BD7218F58D880F93B3E6EF94311F42492EF95697742E731EB4587A1

Function 21FDB220 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

misuse, xrefs: 21FDB233
%s at line %d of [%.10s], xrefs: 21FDB238
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 21FDB229

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 5812451aa867efaa2b99c762ddf54bd2e1e809210ace8f61d9ca838d3ab7c1f4
Instruction ID: e6b8f1fef0fb508ad0ffb64816bfbbfd21c096b9a046ad896a242a86a29fecb0
Opcode Fuzzy Hash: 5812451aa867efaa2b99c762ddf54bd2e1e809210ace8f61d9ca838d3ab7c1f4
Instruction Fuzzy Hash: 9B1120B3600701BBE7128F249C84E6F7BEEAFD2205F49452CF92593206EB32E545C7A1

Function 2202D6F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

%s%s, xrefs: 2202D725

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s%s
API String ID: 0-3252725368
Opcode ID: fbc182da93a946d3954c6d24967c49168fcd90287ce5c4937af93b9e4f495de6
Instruction ID: a92b5b8a4fda5b7b7174645b189b49f9cc4f287270d1c4f08056625e3c43074c
Opcode Fuzzy Hash: fbc182da93a946d3954c6d24967c49168fcd90287ce5c4937af93b9e4f495de6
Instruction Fuzzy Hash: 5C11A2765406209FE7029B15DD88F5B33F9FF80259F040736FE0886209EB7E9A04CBA2

Function 220F6140 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON

Download Yara Rule

Strings

CREATE TABLE %Q.'%q_%q'(%s)%s, xrefs: 220F6175
WITHOUT ROWID, xrefs: 220F6150, 220F6162
fts5: error creating shadow table %q_%s: %s, xrefs: 220F6197

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: WITHOUT ROWID$CREATE TABLE %Q.'%q_%q'(%s)%s$fts5: error creating shadow table %q_%s: %s
API String ID: 0-1971204597
Opcode ID: d4303e44dbb06b8361ecef081837da72cad085b9824e231055df0978839e6719
Instruction ID: 81395e60cf1c1d5356dc67343a9f6a8b9822a2e31f37d258f32293b10bedb50f
Opcode Fuzzy Hash: d4303e44dbb06b8361ecef081837da72cad085b9824e231055df0978839e6719
Instruction Fuzzy Hash: 81119071640210AFD7028F99DD8CE2BB7B5FB84349F044A28FD55D621ADB3AC514EBA2

Function 2207A6B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67COMMON

Download Yara Rule

Strings

database corruption, xrefs: 2207A6CD
%s at line %d of [%.10s], xrefs: 2207A6D2
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2207A6C3

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 44dd667ce04adf16f704cc78dbeb5904f46aeff1afc0494a8f1e23762e92ada1
Instruction ID: d482350335b6cd9b2a31c815f26dc6173cc857f961caa6f83003041e3e4535a9
Opcode Fuzzy Hash: 44dd667ce04adf16f704cc78dbeb5904f46aeff1afc0494a8f1e23762e92ada1
Instruction Fuzzy Hash: D4119AB2604301AFD701CF59DC80F5BB7F9EBC0320F4508A9F6549B261E336A955DB62

Function 22014DA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65COMMON

Download Yara Rule

Strings

database corruption, xrefs: 22014E22
%s at line %d of [%.10s], xrefs: 22014E27
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 22014E18

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 076cd15db5f4bcc4b2b1bea58e8cd3ead4083483ec472389e4d7818d12e7167c
Instruction ID: 2fa3717dc034501601436276c1405495f43f6130782bc0663ec883ba46fced33
Opcode Fuzzy Hash: 076cd15db5f4bcc4b2b1bea58e8cd3ead4083483ec472389e4d7818d12e7167c
Instruction Fuzzy Hash: 41118EB2701311DFC310DF58C880E8AFBE5EFA4358F5544AAF5589B222D332E942DB91

Function 21FE2380 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

Strings

misuse, xrefs: 21FE2406
%s at line %d of [%.10s], xrefs: 21FE240B
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 21FE23FC

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: f1df59877a11da8759b90294f98e6994ef18c106ed95806e67930353fd3e1408
Instruction ID: f23d3779696a30238996db0b312656887b185cd9bf6804010f23aeaa44baccd2
Opcode Fuzzy Hash: f1df59877a11da8759b90294f98e6994ef18c106ed95806e67930353fd3e1408
Instruction Fuzzy Hash: 3611B171304302EFE718CF1CDC80E56B7A5AF98304F41409CF6558B256E732EA86CB91

Function 21FFF0E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 21FFF105

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
API String ID: 0-2312637080
Opcode ID: e14727a0797f07c4761d4a515709fefe13cc527209e7a56d69d24985d369870f
Instruction ID: bd52a3f625461b4519da9cba816770dcbc9f9088432215710ca9048691b08d48
Opcode Fuzzy Hash: e14727a0797f07c4761d4a515709fefe13cc527209e7a56d69d24985d369870f
Instruction Fuzzy Hash: 5901B537304241AEE321866EFC40FA7BBDAEBD6720F09046DF5BDC3211D36298858361

Function 22000D70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 22000D87

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
API String ID: 0-2312637080
Opcode ID: b9f7f8cc7fac94823618919c53581d910a37b6ed9f79c2d275ca4be81a45adbe
Instruction ID: 6fa1e902a86ac0b2708100424061c2952798605219e9968fc5aab297206e5448
Opcode Fuzzy Hash: b9f7f8cc7fac94823618919c53581d910a37b6ed9f79c2d275ca4be81a45adbe
Instruction Fuzzy Hash: 00016972204300AFE3119A59ED80F52B7EAEB88724F08446AF69DD7240D672AC468761

Function 21FDEF30 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

Strings

misuse, xrefs: 21FDEFB0
%s at line %d of [%.10s], xrefs: 21FDEFB5
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 21FDEFA6

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: e9f29216a7d907203effd8b9d083633a6083e5b649796fe44d97d44af65a84a6
Instruction ID: 8ebfaf521fc6058d9720a034f5af9c0bbe097b7b93126e91a97a0011ad257f80
Opcode Fuzzy Hash: e9f29216a7d907203effd8b9d083633a6083e5b649796fe44d97d44af65a84a6
Instruction Fuzzy Hash: CE01D6B2641721EFE3018F08D848F0A7BA1AB82304F494598E9145B25AD377E846CB93

Function 22049180 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

%s_stat, xrefs: 22049192

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s_stat
API String ID: 0-920702477
Opcode ID: cdc2922ee1215602999d86a611f6712fd3366d8f4c1a780efc5e0b344d476e13
Instruction ID: 19fc305c0909c1e3dbd4e7e41d070d3e79d3dec1913cf694c9bd017cf5f527a5
Opcode Fuzzy Hash: cdc2922ee1215602999d86a611f6712fd3366d8f4c1a780efc5e0b344d476e13
Instruction Fuzzy Hash: E0F02763F043523FE7158679FD80B4AFBD6BB50260F0C8675E52C92118C312ACA293D1

Function 220100B0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220100E5
%s at line %d of [%.10s], xrefs: 220100EA
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220100DB

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 3c3c94fe83ee5e3b7ab8444e1d4ec3149e85ccd8123c82b83f178e390692394e
Instruction ID: bb6af9e4d69881e8b814dc54a1a295b42281315df41453e51f43b97aaa28b911
Opcode Fuzzy Hash: 3c3c94fe83ee5e3b7ab8444e1d4ec3149e85ccd8123c82b83f178e390692394e
Instruction Fuzzy Hash: A8E092703803056FE707CAA4CFC0F627BD26B50704F4740A4E865BB266EB20DE80E760

Function 2218066B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,22180513,?,?,?,?,?,?,221807BD,00000003,FlsSetValue,221F7770,221F7778), ref: 22180678
GetLastError.KERNEL32(?,22180513,?,?,?,?,?,?,221807BD,00000003,FlsSetValue,221F7770,221F7778), ref: 22180682
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 221806AA

Strings

api-ms-, xrefs: 2218068F

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 51e3a3172d9eb7b5ba706d5e57211a626cdcf09d0ba53bfa994b2e666bdf1a21
Instruction ID: d654aa23d77f9b26a065f970cb916592e9584a6fe8fb1c43d37b2bf55ce3cbe6
Opcode Fuzzy Hash: 51e3a3172d9eb7b5ba706d5e57211a626cdcf09d0ba53bfa994b2e666bdf1a21
Instruction Fuzzy Hash: C0E09A702C0309BBFB101E60DC49F993B55AF41B40F608930FE0CE81A2DB7AAA50CA99

Function 2210C1F0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

misuse, xrefs: 2210C1F9
%s at line %d of [%.10s], xrefs: 2210C1FE
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2210C1F0

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 44002bd6a0f227f0ef9353d0b218cb1bc389bbe2bcac392dcb69f392c48cfb45
Instruction ID: 591bca74b02e3c7f0cc522cf27643e67848c6df3a738daa70a6984936bcb4b28
Opcode Fuzzy Hash: 44002bd6a0f227f0ef9353d0b218cb1bc389bbe2bcac392dcb69f392c48cfb45
Instruction Fuzzy Hash: 46B09B65790F49B5FB0555548CC1ED57A1557F0306FC7805471755D2ADD06542505111

Function 220DA570 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

database corruption, xrefs: 220DA579
%s at line %d of [%.10s], xrefs: 220DA57E
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220DA570

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 7cf9c3036a43ff72039fd2741642b3d142840b4cc165918a5422bb350ff2c860
Instruction ID: 6e1c289ce3ddbc1c4fe49a0e56ca4915d2b99cdb90c2ab08678861f34ec78b19
Opcode Fuzzy Hash: 7cf9c3036a43ff72039fd2741642b3d142840b4cc165918a5422bb350ff2c860
Instruction Fuzzy Hash: C4B092AA78074576FA06A1648D81F977E615770604FC78854B13A2A2AEE22687108252

Function 220D6B50 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

cannot open file, xrefs: 220D6B59
%s at line %d of [%.10s], xrefs: 220D6B5E
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 220D6B50

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$cannot open file$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-1799306995
Opcode ID: dbd716e539bf07f2ca9cc0eb6c3ea737cd17b3c22d82ad071769f750b84aa822
Instruction ID: d3d9e80f94fb0a436a874a8026110e7bf1643fc67c81958c34f82227a27f2554
Opcode Fuzzy Hash: dbd716e539bf07f2ca9cc0eb6c3ea737cd17b3c22d82ad071769f750b84aa822
Instruction Fuzzy Hash: F2B092967807857AFA06A964CC81F967E216770604FC78894B17A392AEE096C2908212

Function 220325E0 Relevance: 6.4, APIs: 4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce046cc7a692121a7ec9d83c3c3203e3a4e593cf84ea5992afc46d90b587f8e
Instruction ID: af60ece8996a1f0fc4ba6da36686893511a1b3d4b0733df96f16c706ca8c6497
Opcode Fuzzy Hash: 9ce046cc7a692121a7ec9d83c3c3203e3a4e593cf84ea5992afc46d90b587f8e
Instruction Fuzzy Hash: D0D192716443519FD702DF25CA8CE1A77E8FB18349F400A39FD05C220AEBBADA54DB92

Function 221C67F5 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(92ECC20E,00000000,00000000,?), ref: 221C6858
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 221C6AAA
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 221C6AF0
GetLastError.KERNEL32 ref: 221C6B93

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: dc194e46e1f4f8fac8fcf9f408151dba8e7ebe6b40e81b4fe00fda2a61448eac
Instruction ID: eac7d88f312be5c65e042ead1c827e3a1c9d21a7d3b2c74be5376b4f1e7ea75d
Opcode Fuzzy Hash: dc194e46e1f4f8fac8fcf9f408151dba8e7ebe6b40e81b4fe00fda2a61448eac
Instruction Fuzzy Hash: 88D17AB9E402889FCB14CFE8C880EEDBBB5EF59304F14456AE925EB351D731AA41CB51

Function 22078EB0 Relevance: 6.2, APIs: 4, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e9702cf6c0d08f6de0f6662a5616dbae22bba9715d6d664fafdcfb8785ab314
Instruction ID: 8b1644c1db6838d3236a80af8135d25364b1ca52ff89d3edd23dfcb7175fa452
Opcode Fuzzy Hash: 0e9702cf6c0d08f6de0f6662a5616dbae22bba9715d6d664fafdcfb8785ab314
Instruction Fuzzy Hash: 02517C71A043894FD7228F34D9447AAFBF49F59314F0806B9E9D48B243E369D684E3A9

Function 21FFCAE0 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3460e7eb0831f0217da50dad164ed823756171df3c5aeb7368c6179d9daeb8cf
Instruction ID: 18a463074f3fc3f477a9c490029e5ee08ae19f6f61c654bdca61f7de0f2af266
Opcode Fuzzy Hash: 3460e7eb0831f0217da50dad164ed823756171df3c5aeb7368c6179d9daeb8cf
Instruction Fuzzy Hash: D93102B6604315AFE710CF68D840F56B7E5FF85311F08097EEA14C76A0E362E954E7A1

Function 21FFB1F0 Relevance: 6.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
Instruction ID: 443b3b75670bcf8fef10e0e57e09ad0642e76d7575f9d5376ecec5df69ab92f7
Opcode Fuzzy Hash: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
Instruction Fuzzy Hash: B131E475004B41EFD336CB18E84069BB7E6BF96310F04496DD4AA829A1D3B3F488C791

Function 2206CFE0 Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
Instruction ID: 18c718235b48910c4fa31503daf4fa2c39757b0339af53eaba150678fe98c3fc
Opcode Fuzzy Hash: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
Instruction Fuzzy Hash: 6C21AF715047059FD750EF69C980B6BBBE0EFA8340F94083DF595C3222E732EA589B92

Function 221CF4CA Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,00000000,?,?,00000000), ref: 221CF4E0
GetLastError.KERNEL32(?,?,?,?), ref: 221CF4ED
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 221CF513
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 221CF539

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: 125c8cb40209ebddacb2fe7408af19cf2baa6cee5985c561ea7136a14d0b17ca
Instruction ID: dfcadad6fee4a002349f6634ce10189d7210248ef750f8c7e58161d79011a4e0
Opcode Fuzzy Hash: 125c8cb40209ebddacb2fe7408af19cf2baa6cee5985c561ea7136a14d0b17ca
Instruction Fuzzy Hash: 33115379940219BFDF118FA4CD08EDE3F79EF00360F108546F924A21A1DB7A9A80CBA1

Function 21FD2ABD Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 221D1382
GetLastError.KERNEL32 ref: 221D138E
___initconout.LIBCMT ref: 221D139E

Part of subcall function 221D1303: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,221D13A3), ref: 221D1316

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 221D13B3

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID: ConsoleWrite$CreateErrorFileLast___initconout
String ID:
API String ID: 3431868840-0
Opcode ID: 8cd0fc46abca22357db0afe0724c72eec5b22ba98dc3fc1fff83528394327085
Instruction ID: 3df5b69de7183ecc2bc5c4b5c5331cb8796ab3dcbb291c2c2d8283ca8c8a0855
Opcode Fuzzy Hash: 8cd0fc46abca22357db0afe0724c72eec5b22ba98dc3fc1fff83528394327085
Instruction Fuzzy Hash: 57F0F837584225FBCF161E95CE09E8A3F66FB482A1F054510FE188552ADE3B8A60DB90

Function 22157300 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 242COMMON

Download Yara Rule

Strings

%!.15g, xrefs: 221575C3
-, xrefs: 22157538

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: %!.15g$-
API String ID: 0-583212262
Opcode ID: 3118dd7335591d403d3b2545a67b28140765c74751f61e6ab70f1960f278af51
Instruction ID: 9329a07bc6f9a7fbca992ab784b46eb44dfa2f69e9082d32ecdecbb9c4bfbe7d
Opcode Fuzzy Hash: 3118dd7335591d403d3b2545a67b28140765c74751f61e6ab70f1960f278af51
Instruction Fuzzy Hash: F3918B71A083028FD304CF2CD891B9AFBE1AFC8314F04496DE999C7351E7B9C9098B92

Function 2201CBF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 2201CE39

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 09167264f1c84c9eba1543e31b2f129be9f25c22ada9fad1f72cf56763fb0ded
Instruction ID: a5bdb53dac40dff69870a467200a2cb7fd7a8c580129aabd973e0510a4bd944c
Opcode Fuzzy Hash: 09167264f1c84c9eba1543e31b2f129be9f25c22ada9fad1f72cf56763fb0ded
Instruction Fuzzy Hash: 1A81E0B5A043058FC705CF18C981F5BB7E5AF94318F080A68FA94972A2E375EA45F793

Function 21FEC8E0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206COMMON

Download Yara Rule

Strings

ESCAPE expression must be a single character, xrefs: 21FECA43
LIKE or GLOB pattern too complex, xrefs: 21FEC94F

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 0-264706735
Opcode ID: 5785c04ca4a1a7eb6b021f0d73efe721169c7e84b89699a88881d45c8c971c67
Instruction ID: fd1853d386bce3e0ae7173106d1b68bb2d976cae7668ec463cd1dca86ddfbb0a
Opcode Fuzzy Hash: 5785c04ca4a1a7eb6b021f0d73efe721169c7e84b89699a88881d45c8c971c67
Instruction Fuzzy Hash: 50617A71604358EFE70BCA24C899F697B97AB43724F14419CF8BA5B2D3D237C6858351

Function 21FED0F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 21FED213

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: ed47e36683beed24c647682d6a56684c007ec3620fa9cdefee836405cf50cf53
Instruction ID: 3552f3e10a2f3d9aa48388b73fa34239756a7402b32939c0b7e021e59c6ee463
Opcode Fuzzy Hash: ed47e36683beed24c647682d6a56684c007ec3620fa9cdefee836405cf50cf53
Instruction Fuzzy Hash: E8415B739043418EF7118A289C45B5A7B979F61320F040A6CEDB857BD2D62BD609C392

Function 21FE55D0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

winDelete, xrefs: 21FE569C
delayed %dms for lock/sharing conflict at line %d, xrefs: 21FE56D1

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 0-1405699761
Opcode ID: eecbe93036063efac0735a632f5f52f9799c082927d71d2a7a5b97a09cc502f9
Instruction ID: dc09c7eda0b6601bdc8b2965fef8225f40f4eefe44303c84ee29e9425066b58f
Opcode Fuzzy Hash: eecbe93036063efac0735a632f5f52f9799c082927d71d2a7a5b97a09cc502f9
Instruction Fuzzy Hash: 6F312FB6680211EBF7101F38AD8CD5A7B5A9741261F010F35FE2AC61B7DE6785448E91

Function 21FED300 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 21FED3D5

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: bcc1c438c7632f6764277b390995ed4db280baeba7d811c1a22871088c1893f7
Instruction ID: c350da6b3e92f0e4eeba760bcb06c7ed94091598b7e9dd3dea3d1f450fba8318
Opcode Fuzzy Hash: bcc1c438c7632f6764277b390995ed4db280baeba7d811c1a22871088c1893f7
Instruction Fuzzy Hash: 4A3180B3944314AFE7114A149C40F663B5B9B93324F280298F9786B6C2C267D902C3E1

Function 220087A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";, xrefs: 220087B9

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";
API String ID: 0-2843444156
Opcode ID: 0d913e6e1bc85df2bd3aa7b2a7194b01ee0b2f9b4293fdb469c8a27e4f56048c
Instruction ID: bdc2aab3db765bc9eb9c806665ced755c88f55df98bbc8638866cf763e32b6dc
Opcode Fuzzy Hash: 0d913e6e1bc85df2bd3aa7b2a7194b01ee0b2f9b4293fdb469c8a27e4f56048c
Instruction Fuzzy Hash: DC11E7B26401106FF2059719EC4CF6737A9EB94355F044634FD04D2109DBBAED55CBEA

Function 21FD141F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

InitializeCriticalSectionEx, xrefs: 221B0E84
GetXStateFeaturesMask, xrefs: 221B0E34

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
API String ID: 0-4196971266
Opcode ID: 3bea9d38b873bc407e03ce3b16b1407e1656eb36fce610db672583d2bb335502
Instruction ID: 4d4581a33e3fbb9bcb0d9297836b66a006a8adf7e2956eb6d13aeadfde8a3965
Opcode Fuzzy Hash: 3bea9d38b873bc407e03ce3b16b1407e1656eb36fce610db672583d2bb335502
Instruction Fuzzy Hash: A10184366C032877DB213A518C09E9A7F26FF507B1F024411FE2D65229DA724A60D6E1

Function 21FFF740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';, xrefs: 21FFF752

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';
API String ID: 0-2071071404
Opcode ID: ef8833856b0277076280235e5903e2429853cf200e58af124f9eb6567f427318
Instruction ID: 2aec513c2c48c1d28be12dbd554cc8bd2ab630e7a4afd04351a26f857f3b1e5e
Opcode Fuzzy Hash: ef8833856b0277076280235e5903e2429853cf200e58af124f9eb6567f427318
Instruction Fuzzy Hash: A411E773540210AFF3019729DC8CF6B73ADEB55205F450729FD15D216AEBEBA904CB62

Function 22005350 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

F, xrefs: 2200539B

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: ae74a1f4e58ca35cb012320941a7f107e3e9531f9ce756082fbf5d7ac7b20128
Instruction ID: 54753a0ad8a0de54f5bc0c0b9c4012e5395b38053e38c110559e0b0ff3404a86
Opcode Fuzzy Hash: ae74a1f4e58ca35cb012320941a7f107e3e9531f9ce756082fbf5d7ac7b20128
Instruction Fuzzy Hash: 1F114DB26083418FD704CB15C451B5FBBE5BFD8318F84482EE98A87290E775D608CB93

Function 2202EFE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

SELECT %s WHERE rowid = ?, xrefs: 2202F017

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: SELECT %s WHERE rowid = ?
API String ID: 0-866778640
Opcode ID: 24db407b9d1272ac2376ba138eb4f9f125eafe1b4da5ece66beb028a63dfe2c7
Instruction ID: cd37cf8e64dfe5ca691014d297dac4e2b12576f85910394496168318245c2ed8
Opcode Fuzzy Hash: 24db407b9d1272ac2376ba138eb4f9f125eafe1b4da5ece66beb028a63dfe2c7
Instruction Fuzzy Hash: A11129323007099FD7204F95DC80F92F7D4EB50361F10466EF56996640EB73B55197A0

Function 22007200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON

Download Yara Rule

Strings

invalid, xrefs: 2200721B
API call with %s database connection pointer, xrefs: 22007220

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: API call with %s database connection pointer$invalid
API String ID: 0-3574585026
Opcode ID: 23335654856e0981e60739ccce14d182dbe472c976b5f8d19bb8798658ce10c4
Instruction ID: 724885c882719ef815474c9efcb4d7d2f0d85fdd35751c6800d1399a63d8c4aa
Opcode Fuzzy Hash: 23335654856e0981e60739ccce14d182dbe472c976b5f8d19bb8798658ce10c4
Instruction Fuzzy Hash: 6DF04671B00B201BF6115628AD14FE337EA5F54324F000A75F7A6932F5C22DF640D681

Function 21FE85B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

CREATE TABLE x(sql,ncol,ro,busy,nscan,nsort,naidx,nstep,reprep,run,mem), xrefs: 21FE85B6

Memory Dump Source

Source File: 00000005.00000002.3262459280.0000000021FD8000.00000020.00001000.00020000.00000000.sdmp, Offset: 21FD0000, based on PE: true

Associated: 00000005.00000002.3262429102.0000000021FD0000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000021FD1000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.0000000022136000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3262459280.00000000221DD000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221DF000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3263956891.00000000221E8000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264114188.0000000022212000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3264150204.000000002221F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_21fd0000_MSBuild.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(sql,ncol,ro,busy,nscan,nsort,naidx,nstep,reprep,run,mem)
API String ID: 0-3640693396
Opcode ID: c28c8d242fe1a0be69bf5b7ee72704f8c84b2dd7d36cf632dab3feb387762ab0
Instruction ID: ad7e32debe038c9145386086b555aa2f212ad9c8c71bf841025d0a4d32345338
Opcode Fuzzy Hash: c28c8d242fe1a0be69bf5b7ee72704f8c84b2dd7d36cf632dab3feb387762ab0
Instruction Fuzzy Hash: 1AF0BB326443119BD2115B1DF800B8BB7D59FD2735F064176F818DB150EB71DE8287D1

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report vjYcExA6ou.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\JKECFCFBGDHI\AFHDAK

C:\ProgramData\JKECFCFBGDHI\DHCAEC

C:\ProgramData\JKECFCFBGDHI\EHDGCG

C:\ProgramData\JKECFCFBGDHI\EHJDGC

C:\ProgramData\JKECFCFBGDHI\FIJECA

C:\ProgramData\JKECFCFBGDHI\HDAAAA

C:\ProgramData\JKECFCFBGDHI\IDHIDB

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vjYcExA6ou.exe.log

Windows Analysis Report
vjYcExA6ou.exe

Function 05799A70 Relevance: 10.3, Strings: 8, Instructions: 345
COMMON

Function 05799A80 Relevance: 10.3, Strings: 8, Instructions: 340
COMMON

Function 05797528 Relevance: 10.3, Strings: 8, Instructions: 299
COMMON

Function 05797538 Relevance: 10.3, Strings: 8, Instructions: 292
COMMON

Function 05798198 Relevance: 10.3, Strings: 8, Instructions: 277
COMMON

Function 057981A8 Relevance: 10.3, Strings: 8, Instructions: 270
COMMON

Function 05798730 Relevance: 10.2, Strings: 8, Instructions: 194
COMMON

Function 05798720 Relevance: 10.2, Strings: 8, Instructions: 194
COMMON

Function 05D11B10 Relevance: 6.7, Strings: 5, Instructions: 409
COMMON

Function 013DA108 Relevance: 6.0, Strings: 4, Instructions: 1043
COMMON

Function 05D13036 Relevance: 5.4, Strings: 4, Instructions: 369
COMMON

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre