Edit tour

Windows Analysis Report
pDHKarOK2v.exe

Overview

General Information

Sample name:	pDHKarOK2v.exe renamed because original name is a hash value
Original sample name:	83191f9561b65c2ebb2c95827de22c10.exe
Analysis ID:	1465867
MD5:	83191f9561b65c2ebb2c95827de22c10
SHA1:	b3bbe9ec2991bbc6213d1bf66221f5394e48d3ca
SHA256:	8ecfab17b6ecc5b0c7ca6d51373042d9afdaf10c9e03440828f940de68227cd9
Tags:	exeVidar
Infos:

Detection

CryptOne, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (creates a PE file in dynamic memory)

Found malware configuration

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Multi AV Scanner detection for submitted file

Yara detected CryptOne packer

Yara detected Powershell download and execute

Yara detected Vidar stealer

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

Machine Learning detection for sample

Sample uses process hollowing technique

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Classification

Process Tree

System is w10x64

pDHKarOK2v.exe (PID: 4388 cmdline: "C:\Users\user\Desktop\pDHKarOK2v.exe" MD5: 83191F9561B65C2EBB2C95827DE22C10)

katC422.tmp (PID: 6440 cmdline: C:\Users\user\AppData\Local\Temp\katC422.tmp MD5: 66064DBDB70A5EB15EBF3BF65ABA254B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "f5b5622f4f4fc7235c0e9e6367cafc13"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Crypt	Yara detected CryptOne packer	Joe Security
00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: pDHKarOK2v.exe PID: 4388	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: pDHKarOK2v.exe PID: 4388	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: pDHKarOK2v.exe PID: 4388	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: katC422.tmp PID: 6440	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: katC422.tmp PID: 6440	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.pDHKarOK2v.exe.29c7719.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.pDHKarOK2v.exe.3fb0000.5.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.pDHKarOK2v.exe.2bc0000.2.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.pDHKarOK2v.exe.2bc0000.2.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.pDHKarOK2v.exe.29c7719.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 1 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199707802586	Avira URL Cloud: Label: malware
Source: https://t.me/g067n	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "f5b5622f4f4fc7235c0e9e6367cafc13"}

Multi AV Scanner detection for submitted file

Source: pDHKarOK2v.exe

Virustotal: Detection: 40%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: pDHKarOK2v.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: I8S%
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: usernameField
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: a GX Stable
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: uctName
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: layVersion
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: sktop\
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: F783D5D3EF8C*
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: T=@?VDX;W:R1J )M$
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: #5EG P%:{
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: ystemInfo
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: 304FDQ8L\h$
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: %hu/%hu
Source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack	String decryptor: ero\wallet.k9ys

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Unpacked PE file: 2.2.katC422.tmp.20130000.0.unpack

Source: pDHKarOK2v.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49710 version: TLS 1.2

Source:

Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199707802586
Source: Malware configuration extractor	URLs: https://t.me/g067n

Source: global traffic

TCP traffic: 192.168.2.6:49711 -> 49.13.159.121:9000

Source: global traffic

HTTP traffic detected: GET /g067n HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99

Source: Joe Sandbox View

ASN Name: TELEGRAMRU TELEGRAMRU

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121
Source: unknown	TCP traffic detected without corresponding DNS query: 49.13.159.121

Source: global traffic

HTTP traffic detected: GET /g067n HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: t.me

Source: katC422.tmp, 00000002.00000003.2155967589.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2275940732.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: katC422.tmp, 00000002.00000002.3345409329.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: katC422.tmp, 00000002.00000002.3345409329.00000000007B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enb
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000000.2096817178.00000000004B4000.00000002.00000001.01000000.00000004.sdmp, katC422.tmp.0.dr	String found in binary or memory: http://rpi.net.au/~ajohnson/resourcehacker
Source: katC422.tmp, 00000002.00000003.2140481149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.
Source: katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: katC422.tmp, 00000002.00000003.2276254993.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.1
Source: katC422.tmp, 00000002.00000002.3345868978.0000000000817000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.0000000000816000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2297205059.0000000000812000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.0000000000816000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121/
Source: katC422.tmp, 00000002.00000002.3345868978.0000000000817000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.0000000000816000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2297205059.0000000000812000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.0000000000816000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121/b
Source: katC422.tmp, 00000002.00000003.3230716161.00000000007E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000
Source: katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/159.121:9000/freebl3.dll
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/159.121:9000/msvcp140.dll
Source: katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/:0
Source: katC422.tmp, 00000002.00000003.2286588934.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288693962.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/B7
Source: katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346029837.000000000087E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/D
Source: katC422.tmp, 00000002.00000003.2286588934.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288693962.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/J0
Source: katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296801499.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299936389.000000000087D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/L
Source: katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296801499.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299936389.000000000087D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/R
Source: katC422.tmp, 00000002.00000002.3346029837.000000000087E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/X
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/c530icrosoft
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/cal
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/freebl3.dll
Source: katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/freebl3.dll)Fqc?
Source: katC422.tmp, 00000002.00000003.2301685212.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/freebl3.dll)MIb
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/freebl3.dllft
Source: katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/freebl3.dllmFMc5
Source: katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/j00b
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/lowedCert_AutoUpdate_1
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/mozglue.dll
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/mozglue.dll4
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/mozglue.dllft
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/mozglue.dllposition:
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/msvcp140.dll
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/msvcp140.dllt
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/nss3.dll
Source: katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/nss3.dllhx
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/nss3.dllosoft
Source: katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/nss3.dlltx
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/r
Source: katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/r0(b
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/soft
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/softokn3.dll
Source: katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/softokn3.dllZL
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/softokn3.dllt
Source: katC422.tmp, 00000002.00000003.2288952609.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2273930953.00000000009C0000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287445433.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288510535.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299686257.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296525829.00000000009D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/sqlt.dll
Source: katC422.tmp, 00000002.00000003.3230343222.00000000008D2000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dll
Source: katC422.tmp, 00000002.00000003.3230343222.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346155752.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dlletsC
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dllge
Source: katC422.tmp, 00000002.00000003.3230343222.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346155752.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dllpet
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:90000c530oogle
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000el
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000oaming
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000ocal
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.13.159.121:9000srss.exe
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll
Source: katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.00000000007D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2140481149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067n
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067nry1neMozilla/5.0
Source: katC422.tmp, 00000002.00000003.2140481149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.00000000007E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49710 version: TLS 1.2

Source: Yara match	File source: 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pDHKarOK2v.exe PID: 4388, type: MEMORYSTR

Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Code function: 0_2_029FB510 NtProtectVirtualMemory,NtProtectVirtualMemory,	0_2_029FB510
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Code function: 0_2_029FB250 NtCreateFile,CreateFileMappingA,MapViewOfFile,FindCloseChangeNotification,	0_2_029FB250
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Code function: 0_2_029FBEF0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,	0_2_029FBEF0

Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Code function: 0_2_029FC510	0_2_029FC510
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20144CF0	2_2_20144CF0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201BA0B0	2_2_201BA0B0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013209F	2_2_2013209F
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201347AF	2_2_201347AF
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2015A560	2_2_2015A560
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2022A590	2_2_2022A590
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201466C0	2_2_201466C0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2026E800	2_2_2026E800
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20133E3B	2_2_20133E3B
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013481D	2_2_2013481D
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2024A900	2_2_2024A900
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2022A940	2_2_2022A940
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_202169C0	2_2_202169C0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013AA40	2_2_2013AA40
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013EA80	2_2_2013EA80
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201319DD	2_2_201319DD
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2030AEBE	2_2_2030AEBE
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20176E80	2_2_20176E80
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20192EE0	2_2_20192EE0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013F160	2_2_2013F160
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013174E	2_2_2013174E
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20163370	2_2_20163370
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20167810	2_2_20167810
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013251D	2_2_2013251D
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2015BAB0	2_2_2015BAB0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013290A	2_2_2013290A
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20258030	2_2_20258030
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201B0090	2_2_201B0090
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201B8120	2_2_201B8120
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20133AB2	2_2_20133AB2
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20270480	2_2_20270480
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20158680	2_2_20158680
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20158763	2_2_20158763
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20194760	2_2_20194760
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201C8760	2_2_201C8760
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013C800	2_2_2013C800
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20131EF1	2_2_20131EF1
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20234A60	2_2_20234A60
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20158D2A	2_2_20158D2A
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2016CE10	2_2_2016CE10
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20149000	2_2_20149000
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20255040	2_2_20255040
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2030D209	2_2_2030D209
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20133580	2_2_20133580
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201C53B0	2_2_201C53B0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20299430	2_2_20299430
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013D4C0	2_2_2013D4C0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201D9690	2_2_201D9690
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201ED6D0	2_2_201ED6D0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20131C9E	2_2_20131C9E
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201E5940	2_2_201E5940
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20259A20	2_2_20259A20
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20132018	2_2_20132018
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20161C50	2_2_20161C50
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2013292D	2_2_2013292D
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20299CC0	2_2_20299CC0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201312A8	2_2_201312A8
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20132AA9	2_2_20132AA9

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: String function: 203106B1 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: String function: 20131F5A appears 36 times
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: String function: 20131C2B appears 47 times
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: String function: 2013415B appears 173 times
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: String function: 20133AF3 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: String function: 2013395E appears 81 times

Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameResHack! vs pDHKarOK2v.exe

Source: pDHKarOK2v.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/12@1/2

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\0813XZA8.htm

Jump to behavior

Source: C:\Users\user\Desktop\pDHKarOK2v.exe

File created: C:\Users\user\AppData\Local\Temp\katC422.tmp

Jump to behavior

Source: C:\Users\user\Desktop\pDHKarOK2v.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\Desktop\pDHKarOK2v.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT url FROM urls LIMIT 1000O;
Source: katC422.tmp, katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: katC422.tmp, katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: katC422.tmp, 00000002.00000003.2296801499.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299936389.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2286588934.0000000000862000.00000004.00000020.00020000.00000000.sdmp, AAKEGD.2.dr, AECAEC.2.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: katC422.tmp, katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: pDHKarOK2v.exe

Virustotal: Detection: 40%

Source: unknown	Process created: C:\Users\user\Desktop\pDHKarOK2v.exe "C:\Users\user\Desktop\pDHKarOK2v.exe"
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Process created: C:\Users\user\AppData\Local\Temp\katC422.tmp C:\Users\user\AppData\Local\Temp\katC422.tmp
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Process created: C:\Users\user\AppData\Local\Temp\katC422.tmp C:\Users\user\AppData\Local\Temp\katC422.tmp	Jump to behavior

Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Section loaded: olepro32.dll	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Section loaded: ntmarta.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: pDHKarOK2v.exe

Static file information: File size 1717248 > 1048576

Source: pDHKarOK2v.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x12ae00

Source:

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Unpacked PE file: 2.2.katC422.tmp.20130000.0.unpack

Source: sqlt[1].dll.2.dr

Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Code function: 0_2_029FCA10 push edx; ret	0_2_029FCC1F
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Code function: 0_2_029FC310 push edx; ret	0_2_029FC31B
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201310C8 push ecx; ret	2_2_20333552
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20131BF9 push ecx; ret	2_2_202D4C03

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\sqlt[1].dll			Jump to dropped file
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	File created: C:\Users\user\AppData\Local\Temp\katC422.tmp			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Source: initial sample

Icon embedded in binary file: icon matches a legit application icon: icon.png

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\sqlt[1].dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

API coverage: 0.8 %

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: HIDGCF.2.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: HIDGCF.2.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: HIDGCF.2.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: HIDGCF.2.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: HIDGCF.2.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: HIDGCF.2.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: HIDGCF.2.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: katC422.tmp, 00000002.00000002.3345409329.00000000007D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: HIDGCF.2.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: HIDGCF.2.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: HIDGCF.2.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: HIDGCF.2.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: HIDGCF.2.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: HIDGCF.2.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: HIDGCF.2.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: HIDGCF.2.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: HIDGCF.2.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: HIDGCF.2.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: HIDGCF.2.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: HIDGCF.2.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: HIDGCF.2.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: HIDGCF.2.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: HIDGCF.2.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: HIDGCF.2.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: HIDGCF.2.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: HIDGCF.2.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: HIDGCF.2.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: HIDGCF.2.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: HIDGCF.2.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: HIDGCF.2.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: HIDGCF.2.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: HIDGCF.2.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Code function: 2_2_20132C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

2_2_20132C8E

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Code function: 2_2_201346A6 GetProcessHeap,

2_2_201346A6

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20132C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		2_2_20132C8E
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201342AF SetUnhandledExceptionFilter,		2_2_201342AF

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: pDHKarOK2v.exe PID: 4388, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\pDHKarOK2v.exe

Memory allocated: C:\Users\user\AppData\Local\Temp\katC422.tmp base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\pDHKarOK2v.exe

Code function: 0_2_029FBEF0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,

0_2_029FBEF0

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\pDHKarOK2v.exe

Memory written: C:\Users\user\AppData\Local\Temp\katC422.tmp base: 400000 value starts with: 4D5A

Jump to behavior

Sample uses process hollowing technique

Source: C:\Users\user\Desktop\pDHKarOK2v.exe

Section unmapped: C:\Users\user\AppData\Local\Temp\katC422.tmp base address: 400000

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Memory written: C:\Users\user\AppData\Local\Temp\katC422.tmp base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Memory written: C:\Users\user\AppData\Local\Temp\katC422.tmp base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Memory written: C:\Users\user\AppData\Local\Temp\katC422.tmp base: 425000	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Memory written: C:\Users\user\AppData\Local\Temp\katC422.tmp base: 42E000	Jump to behavior
Source: C:\Users\user\Desktop\pDHKarOK2v.exe	Memory written: C:\Users\user\AppData\Local\Temp\katC422.tmp base: 643000	Jump to behavior

Source: C:\Users\user\Desktop\pDHKarOK2v.exe

Process created: C:\Users\user\AppData\Local\Temp\katC422.tmp C:\Users\user\AppData\Local\Temp\katC422.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	2_2_2013298C
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: EnumSystemLocalesW,	2_2_2030FF17
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: GetLocaleInfoW,	2_2_20132112
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: GetLocaleInfoW,	2_2_20132112

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Code function: 2_2_202D4323 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

2_2_202D4323

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Code function: 2_2_20314A46 GetTimeZoneInformation,

2_2_20314A46

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: katC422.tmp, 00000002.00000003.2273930953.00000000009C0000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296525829.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected CryptOne packer

Source: Yara match

File source: 00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.29c7719.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.3fb0000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.2bc0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.2bc0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.29c7719.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pDHKarOK2v.exe PID: 4388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: katC422.tmp PID: 6440, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Source: Yara match

File source: Process Memory Space: katC422.tmp PID: 6440, type: MEMORYSTR

Remote Access Functionality

Yara detected CryptOne packer

Source: Yara match

File source: 00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.pDHKarOK2v.exe.3fb0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.29c7719.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.3fb0000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.2bc0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.2bc0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.pDHKarOK2v.exe.29c7719.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pDHKarOK2v.exe PID: 4388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: katC422.tmp PID: 6440, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2019E090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	2_2_2019E090
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201AE170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_201AE170
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2019E200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	2_2_2019E200
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201466C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	2_2_201466C0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201AA6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,	2_2_201AA6F0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2018EF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,	2_2_2018EF30
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2015B400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64,	2_2_2015B400
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201F3770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_201F3770
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_202137E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_202137E0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20167810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	2_2_20167810
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20214140 sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_initialize,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	2_2_20214140
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201A8200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,	2_2_201A8200
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20168430 sqlite3_bind_int64,	2_2_20168430
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20188550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,	2_2_20188550
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20158680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64,	2_2_20158680
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201806E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	2_2_201806E0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20144820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize,	2_2_20144820
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20168970 sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	2_2_20168970
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20168CB0 sqlite3_bind_zeroblob,	2_2_20168CB0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20214D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	2_2_20214D40
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20160FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	2_2_20160FB0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201C9090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf,	2_2_201C9090
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201D51D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_201D51D0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201ED3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_201ED3B0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2025D4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_2025D4F0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_202514D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_202514D0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201D55B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_201D55B0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2020D610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_2020D610
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201D5910 sqlite3_mprintf,sqlite3_bind_int64,	2_2_201D5910
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_2025D9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_2025D9E0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201ADB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	2_2_201ADB10
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_20145C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	2_2_20145C70
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201ADFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset,	2_2_201ADFC0
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp	Code function: 2_2_201B1FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_201B1FE0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	511 Process Injection	11 Masquerading	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Shared Modules	Boot or Logon Initialization Scripts	1 DLL Side-Loading	511 Process Injection	LSASS Memory	1 Query Registry	Remote Desktop Protocol	1 Data from Local System	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	41 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	33 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
pDHKarOK2v.exe	41%	Virustotal		Browse
pDHKarOK2v.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\sqlt[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\katC422.tmp	4%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bg.microsoft.map.fastly.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://49.13.159.121:9000ocal	0%	Avira URL Cloud	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/159.121:9000/freebl3.dll	0%	Avira URL Cloud	safe
https://49.13.159.121:9000srss.exe	0%	Avira URL Cloud	safe
https://49.13.159.121:9000oaming	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/J0	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://t.me/	0%	Avira URL Cloud	safe
https://web.telegram.org	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/softokn3.dllt	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/nss3.dlltx	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/nss3.dllhx	0%	Avira URL Cloud	safe
https://49.13.159.121/b	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/:0	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/B7	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/softokn3.dllZL	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/vcruntime140.dllge	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/softokn3.dll	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/mozglue.dllft	0%	Avira URL Cloud	safe
https://49.13.159.121:9000	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/freebl3.dll	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/freebl3.dll)Fqc?	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/freebl3.dll)MIb	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/freebl3.dllft	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/mozglue.dll	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/cal	0%	Avira URL Cloud	safe
https://49.13.159.121/	0%	Avira URL Cloud	safe
https://t.me/g067nry1neMozilla/5.0	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/D	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/nss3.dll	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/vcruntime140.dllpet	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/sqlt.dll	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/L	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/vcruntime140.dlletsC	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/R	0%	Avira URL Cloud	safe
http://www.microsoft.	0%	Avira URL Cloud	safe
http://rpi.net.au/~ajohnson/resourcehacker	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/msvcp140.dll	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/mozglue.dllposition:	0%	Avira URL Cloud	safe
https://49.13.159.121:90000c530oogle	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/X	0%	Avira URL Cloud	safe
https://49.1	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/soft	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/nss3.dllosoft	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/lowedCert_AutoUpdate_1	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199707802586	100%	Avira URL Cloud	malware
https://49.13.159.121:9000/	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/mozglue.dll4	0%	Avira URL Cloud	safe
https://49.13.159.121:9000el	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/c530icrosoft	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/159.121:9000/msvcp140.dll	0%	Avira URL Cloud	safe
https://t.me/g067n	100%	Avira URL Cloud	malware
https://49.13.159.121:9000/r0(b	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/j00b	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/msvcp140.dllt	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/freebl3.dllmFMc5	0%	Avira URL Cloud	safe
https://49.13.159.121:9000/vcruntime140.dll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
t.me	149.154.167.99	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/profiles/76561199707802586	true	Avira URL Cloud: malware	unknown
https://t.me/g067n	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://49.13.159.121:9000/159.121:9000/freebl3.dll	katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	Avira URL Cloud: safe	unknown
https://t.me/	katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.00000000007D6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000oaming	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000ocal	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://web.telegram.org	katC422.tmp, 00000002.00000003.2140481149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.00000000007E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/J0	katC422.tmp, 00000002.00000003.2286588934.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288693962.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000srss.exe	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/softokn3.dllt	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	URL Reputation: safe	unknown
https://49.13.159.121:9000/nss3.dllhx	katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/vcruntime140.dllge	katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121/b	katC422.tmp, 00000002.00000002.3345868978.0000000000817000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.0000000000816000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2297205059.0000000000812000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.0000000000816000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/softokn3.dll	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/nss3.dlltx	katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/:0	katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/B7	katC422.tmp, 00000002.00000003.2286588934.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288693962.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/softokn3.dllZL	katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/mozglue.dllft	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000	katC422.tmp, 00000002.00000003.3230716161.00000000007E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/freebl3.dll	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/freebl3.dll)Fqc?	katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	URL Reputation: safe	unknown
https://49.13.159.121/	katC422.tmp, 00000002.00000002.3345868978.0000000000817000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.0000000000816000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2297205059.0000000000812000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.0000000000816000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/freebl3.dllft	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/mozglue.dll	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/freebl3.dll)MIb	katC422.tmp, 00000002.00000003.2301685212.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/g067nry1neMozilla/5.0	pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/cal	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.dr	false	URL Reputation: safe	unknown
https://49.13.159.121:9000/D	katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346029837.000000000087E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/nss3.dll	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/vcruntime140.dllpet	katC422.tmp, 00000002.00000003.3230343222.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346155752.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/sqlt.dll	katC422.tmp, 00000002.00000003.2288952609.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2273930953.00000000009C0000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287445433.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288510535.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299686257.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296525829.00000000009D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/L	katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296801499.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299936389.000000000087D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/R	katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296801499.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299936389.000000000087D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/vcruntime140.dlletsC	katC422.tmp, 00000002.00000003.3230343222.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346155752.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	Avira URL Cloud: safe	unknown
http://rpi.net.au/~ajohnson/resourcehacker	pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000000.2096817178.00000000004B4000.00000002.00000001.01000000.00000004.sdmp, katC422.tmp.0.dr	false	Avira URL Cloud: safe	unknown
http://www.microsoft.	katC422.tmp, 00000002.00000003.2140481149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/msvcp140.dll	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/X	katC422.tmp, 00000002.00000002.3346029837.000000000087E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	URL Reputation: safe	unknown
https://49.13.159.121:9000/mozglue.dllposition:	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:90000c530oogle	katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.1	katC422.tmp, 00000002.00000003.2276254993.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/soft	katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	URL Reputation: safe	unknown
https://49.13.159.121:9000/nss3.dllosoft	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/lowedCert_AutoUpdate_1	katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/	katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/mozglue.dll4	katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/159.121:9000/msvcp140.dll	katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/r	katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://49.13.159.121:9000/r0(b	katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000el	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/c530icrosoft	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/msvcp140.dllt	katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/vcruntime140.dll	katC422.tmp, 00000002.00000003.3230343222.00000000008D2000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://49.13.159.121:9000/j00b	katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr	false	URL Reputation: safe	unknown
https://49.13.159.121:9000/freebl3.dllmFMc5	katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
49.13.159.121	unknown	Germany		24940	HETZNER-ASDE	false
149.154.167.99	t.me	United Kingdom		62041	TELEGRAMRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1465867
Start date and time:	2024-07-02 07:52:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	pDHKarOK2v.exe renamed because original name is a hash value
Original Sample Name:	83191f9561b65c2ebb2c95827de22c10.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/12@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 85% Number of executed functions: 7 Number of non-executed functions: 231
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 93.184.221.240
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
01:53:04	API Interceptor	1x Sleep call for process: katC422.tmp modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
49.13.159.121	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse
149.154.167.99	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	KeyboardRGB.exe	Get hash	malicious	Unknown	Browse	t.me/cinoshibot
	file.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	149.154.167.99
	https://clicktime.cloud.postoffice.net/clicktime.php?U=https%3A%2F%2Ftelegra.ph%2FDavis-Insurance-Agency-LLC-06-28&E=kgarber%40woodlandsbank.com&X=XID311CFbwQP1837Xd1&T=WDLP&HV=U,E,X,T&H=3a14786ee7a8dd2b0305ef5dd961d4108cbfaf34	Get hash	malicious	Unknown	Browse	149.154.167.99
	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	149.154.167.99
	56bDgH9sMQ.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	vjYcExA6ou.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99
	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	149.154.167.99
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
bg.microsoft.map.fastly.net	Revised Invoice 7389293.vbs	Get hash	malicious	GuLoader, Remcos	Browse	199.232.210.172
	http://differentia.ru	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://docs.google.com/forms/d/e/1FAIpQLSdxwlJ42E7IP7P7FI5J10LvcZM2xU4rjZus8shJYViiMODIbA/viewform?pli=1	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://polyfill.io/	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://aradcofeenet1.aradcofeenet1.workers.dev/	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://a289.dvq.workers.dev/	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://pub-5d5794a1344e4ef09c0d498cb30f8875.r2.dev/index.html	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://pub-72f4175190054b068a6db1f116f55ca9.r2.dev/index.html	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://telegrambot-resolved.pages.dev/	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://worker2.kenneth-ho-yk.workers.dev/	Get hash	malicious	Unknown	Browse	199.232.210.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	https://telegrambot-resolved.pages.dev/	Get hash	malicious	Unknown	Browse	149.154.167.99
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	149.154.167.99
	Cheat.malware_exe.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Cheat.malware_exe.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	https://clicktime.cloud.postoffice.net/clicktime.php?U=https%3A%2F%2Ftelegra.ph%2FDavis-Insurance-Agency-LLC-06-28&E=kgarber%40woodlandsbank.com&X=XID311CFbwQP1837Xd1&T=WDLP&HV=U,E,X,T&H=3a14786ee7a8dd2b0305ef5dd961d4108cbfaf34	Get hash	malicious	Unknown	Browse	149.154.167.99
	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	149.154.167.99
	Kh7W85ONS7.exe	Get hash	malicious	AsyncRAT, DarkTortilla, StormKitty, WorldWind Stealer	Browse	149.154.167.220
	56bDgH9sMQ.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	https://telegrambot-resolved.pages.dev/	Get hash	malicious	Unknown	Browse	149.154.167.99
	vjYcExA6ou.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99
HETZNER-ASDE	https://he110ca11he1lpn0wwb112.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	https://serviceca11he1pn0waa12.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	49.13.159.121
	http://www.midoregon.com	Get hash	malicious	Unknown	Browse	188.40.16.190
	lQC7IiMNX1.elf	Get hash	malicious	Mirai	Browse	46.4.110.33
	MT103-7543324334.exe	Get hash	malicious	Remcos	Browse	138.201.150.244
	file.exe	Get hash	malicious	FormBook	Browse	135.181.212.206
	file.exe	Get hash	malicious	FormBook	Browse	135.181.212.206
	Re_ gerechtelijke dagvaarding..eml	Get hash	malicious	Unknown	Browse	95.217.55.136
	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	195.201.251.214

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Revised Invoice 7389293.vbs	Get hash	malicious	GuLoader, Remcos	Browse	149.154.167.99
	Vyuctovani_2024_07-1206812497#U00b7pdf.exe	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.99
	Build.exe	Get hash	malicious	DBatLoader, Neshta	Browse	149.154.167.99
	F.exe	Get hash	malicious	AsyncRAT, Neshta, XWorm	Browse	149.154.167.99
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	149.154.167.99
	68#U2466.hta	Get hash	malicious	Unknown	Browse	149.154.167.99
	MOD_200.pdf.lnk	Get hash	malicious	Arc Stealer	Browse	149.154.167.99
	SecuriteInfo.com.Win32.BootkitX-gen.7605.8583.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu	Browse	149.154.167.99
	DHL Shipping Document Awb & BL.vbs	Get hash	malicious	GuLoader, Remcos	Browse	149.154.167.99
	capisp.dll.dll	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse	149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\sqlt[1].dll	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse
	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse
	56bDgH9sMQ.exe	Get hash	malicious	Vidar	Browse
	vjYcExA6ou.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse
	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	5IRIk4f1PO.exe	Get hash	malicious	CryptOne, Vidar	Browse
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse

Created / dropped Files

C:\ProgramData\BGIIDAEBGCAA\AAKEGD

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIIDAEBGCAA\AECAEC

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIIDAEBGCAA\BAFBFC

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8508558324143882
Encrypted:	false
SSDEEP:	24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5:	933D6D14518371B212F36C3835794D75
SHA1:	92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256:	55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512:	EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIIDAEBGCAA\DHCFID

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIIDAEBGCAA\FCFBFH

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIIDAEBGCAA\HIDGCF

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	modified
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIIDAEBGCAA\JEGHDA

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIIDAEBGCAA\JJJEGC

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.2418003062782916
Encrypted:	false
SSDEEP:	6:kKHi9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:FDImsLNkPlE99SNxAhUe/3
MD5:	8B586EEA7ADFBBD6E6E18D4FF5871C19
SHA1:	4D09EE1059277DCEDC25F16974BB1811AEE305E0
SHA-256:	9B752CAE002D8CDC584EFC251B8373F3E0B91AA1750A5150FC0AADC21E07CF4E
SHA-512:	5CB0A1512C4036258147AB3D6D3B94451CA5BC462460D0976F46C91410724B54B1CDF9715503FEB9C523A5CE6557123D09883FFFFB1CFC349B4F6D6F858BC899
Malicious:	false
Preview:	p...... .........&;.D...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\sqlt[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\katC422.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 1719859269.0326595_setup.exe, Detection: malicious, Browse Filename: zyJWi2vy29.exe, Detection: malicious, Browse Filename: 56bDgH9sMQ.exe, Detection: malicious, Browse Filename: vjYcExA6ou.exe, Detection: malicious, Browse Filename: 2E7ZdlxkOL.exe, Detection: malicious, Browse Filename: S8co1ACRdn.exe, Detection: malicious, Browse Filename: M9dfZzH3qn.exe, Detection: malicious, Browse Filename: 5IRIk4f1PO.exe, Detection: malicious, Browse Filename: 1719520929.094843_setup.exe, Detection: malicious, Browse Filename: 1Cvd8TyYPm.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\katC422.tmp

Download File

Process:	C:\Users\user\Desktop\pDHKarOK2v.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	881664
Entropy (8bit):	6.555251818096116
Encrypted:	false
SSDEEP:	24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
MD5:	66064DBDB70A5EB15EBF3BF65ABA254B
SHA1:	0284FD320F99F62ACA800FB1251EFF4C31EC4ED7
SHA-256:	6A94DBDA2DD1EDCFF2331061D65E1BAF09D4861CC7BA590C5EC754F3AC96A795
SHA-512:	B05C6C09AE7372C381FBA591C3CB13A69A2451B9D38DA1A95AAC89413D7438083475D06796ACB5440CD6EC65B030C9FA6CBDAA0D2FE91A926BAE6499C360F17F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................0.............@..............................................@..............................2'...........................@..p............................0......................................................CODE....d........................... ..`DATA................................@...BSS......................................idata..2'.......(..................@....tls......... ...........................rdata.......0......................@..P.reloc..p....@......................@..P.rsrc...............................@..P.....................t..............@..P........................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.157596551667498
TrID:	Win32 Executable (generic) a (10002005/4) 91.23% Win32 Executable Borland Delphi 7 (665061/41) 6.07% Win32 Executable Borland Delphi 6 (262906/60) 2.40% Win32 Executable Delphi generic (14689/80) 0.13% Windows Screen Saver (13104/52) 0.12%
File name:	pDHKarOK2v.exe
File size:	1'717'248 bytes
MD5:	83191f9561b65c2ebb2c95827de22c10
SHA1:	b3bbe9ec2991bbc6213d1bf66221f5394e48d3ca
SHA256:	8ecfab17b6ecc5b0c7ca6d51373042d9afdaf10c9e03440828f940de68227cd9
SHA512:	38d953ca84ba202dd61949cbe6b3fa6b981abad261c9218ef583ea769293c99fc62dee204245cd31ea39b333e958a1f85189beffaef04def9d6001fd9aad6af0
SSDEEP:	24576:T16dvdD4B0+lFiU2MZQti1u8LnsDJY6WpEYGYPORL4UjqmiIS5BxxK:T1Km2OZ21tuuIeNHYGY0LzjsJxK
TLSH:	6485E02272B1B4B3DD36EE398FEB47689529794329249D0663E01F084F35640FBD52AF
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	c1692e1f373f1307

Static PE Info

General

Entrypoint:	0x46c83c
Entrypoint Section:	CODE
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	bfca9d5b6fa4c919d2a5d427d044aa81

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 0046C4ACh
call 00007FB5E8AF7C41h
mov eax, dword ptr [0046EAC0h]
mov eax, dword ptr [eax]
call 00007FB5E8B4D18Dh
mov ecx, dword ptr [0046EC40h]
mov eax, dword ptr [0046EAC0h]
mov eax, dword ptr [eax]
mov edx, dword ptr [0046BEE8h]
call 00007FB5E8B4D18Dh
mov eax, dword ptr [0046EAC0h]
mov eax, dword ptr [eax]
call 00007FB5E8B4D201h
call 00007FB5E8AF5970h
lea eax, dword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x70000	0x2380	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x7e000	0x12ae00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x75000	0x82b4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x74000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
CODE	0x1000	0x6b884	0x6ba00	a936097d04f25f8486db11b70b97413a	False	0.518351662311266	data	6.530924465033981	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA	0x6d000	0x1ce0	0x1e00	aa71e8b1fa13d426bb143f22e516f3ec	False	0.4381510416666667	data	4.377647091964442	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS	0x6f000	0xee9	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x70000	0x2380	0x2400	fa2837ead97c5ee140ec9f2dbbe590a0	False	0.3668619791666667	data	5.005879868261477	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x73000	0x10	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x74000	0x18	0x200	66490f04eb223fb12186fb8a4af07542	False	0.05078125	MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "G"	0.2069200177871819	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc	0x75000	0x82b4	0x8400	98e3a34a33200e609ad007cd4c7740ac	False	0.5791903409090909	data	6.649704991242167	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc	0x7e000	0x12ae00	0x12ae00	ec6bb3ca5ed996cff0af3bcd71af7b09	False	0.7490042411647846	data	7.243853920356721	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x7efa8	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"			0.38636363636363635
RT_CURSOR	0x7f0dc	0x134	data			0.4642857142857143
RT_CURSOR	0x7f210	0x134	data			0.4805194805194805
RT_CURSOR	0x7f344	0x134	data			0.38311688311688313
RT_CURSOR	0x7f478	0x134	data			0.36038961038961037
RT_CURSOR	0x7f5ac	0x134	data			0.4090909090909091
RT_CURSOR	0x7f6e0	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"			0.4967532467532468
RT_BITMAP	0x7f814	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.43103448275862066
RT_BITMAP	0x7f9e4	0x1e4	Device independent bitmap graphic, 36 x 19 x 4, image size 380			0.46487603305785125
RT_BITMAP	0x7fbc8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.43103448275862066
RT_BITMAP	0x7fd98	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39870689655172414
RT_BITMAP	0x7ff68	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.4245689655172414
RT_BITMAP	0x80138	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5021551724137931
RT_BITMAP	0x80308	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5064655172413793
RT_BITMAP	0x804d8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39655172413793105
RT_BITMAP	0x806a8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5344827586206896
RT_BITMAP	0x80878	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39655172413793105
RT_BITMAP	0x80a48	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.41025641025641024
RT_BITMAP	0x80b80	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.27564102564102566
RT_BITMAP	0x80cb8	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.3685897435897436
RT_BITMAP	0x80df0	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.3685897435897436
RT_BITMAP	0x80f28	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.34294871794871795
RT_BITMAP	0x81060	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.3717948717948718
RT_BITMAP	0x81198	0x104	Device independent bitmap graphic, 20 x 13 x 4, image size 156			0.5038461538461538
RT_BITMAP	0x8129c	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.4326923076923077
RT_BITMAP	0x813d4	0x104	Device independent bitmap graphic, 20 x 13 x 4, image size 156			0.5153846153846153
RT_BITMAP	0x814d8	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.46474358974358976
RT_BITMAP	0x81610	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128			0.4870689655172414
RT_ICON	0x816f8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.5013440860215054
RT_ICON	0x819e0	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.311841949603691
RT_DIALOG	0x92208	0x52	data			0.7682926829268293
RT_STRING	0x9225c	0x40	AmigaOS bitmap font "o", 18432 elements, 2nd, 3rd			0.546875
RT_STRING	0x9229c	0x37c	data			0.39349775784753366
RT_STRING	0x92618	0x3b0	data			0.3241525423728814
RT_STRING	0x929c8	0x2a8	data			0.4470588235294118
RT_STRING	0x92c70	0x254	data			0.4463087248322148
RT_STRING	0x92ec4	0x3d8	data			0.4115853658536585
RT_STRING	0x9329c	0x1dc	data			0.3592436974789916
RT_STRING	0x93478	0x154	data			0.5470588235294118
RT_STRING	0x935cc	0x240	data			0.4565972222222222
RT_STRING	0x9380c	0x1b0	data			0.5532407407407407
RT_STRING	0x939bc	0xe8	data			0.6077586206896551
RT_STRING	0x93aa4	0x138	data			0.5544871794871795
RT_STRING	0x93bdc	0x3bc	data			0.4089958158995816
RT_STRING	0x93f98	0x3a4	data			0.3605150214592275
RT_STRING	0x9433c	0x3a4	data			0.34763948497854075
RT_STRING	0x946e0	0x3e8	data			0.384
RT_STRING	0x94ac8	0xf4	data			0.47540983606557374
RT_STRING	0x94bbc	0xc4	data			0.5663265306122449
RT_STRING	0x94c80	0x2c0	data			0.4446022727272727
RT_STRING	0x94f40	0x478	data			0.2928321678321678
RT_STRING	0x953b8	0x3ac	data			0.37553191489361704
RT_STRING	0x95764	0x2d4	data			0.4046961325966851
RT_RCDATA	0x95a38	0x10	data			1.5
RT_RCDATA	0x95a48	0x112334	data	English	United States	0.7973575592041016
RT_RCDATA	0x1a7d7c	0x540	data			0.6398809523809523
RT_RCDATA	0x1a82bc	0x494	Delphi compiled form 'TLoginDialog'			0.4931740614334471
RT_RCDATA	0x1a8750	0x3c4	Delphi compiled form 'TPasswordDialog'			0.4678423236514523
RT_RCDATA	0x1a8b14	0x21b	Delphi compiled form 'Tplfb'			0.62152133580705
RT_GROUP_CURSOR	0x1a8d30	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0x1a8d44	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0x1a8d58	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x1a8d6c	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x1a8d80	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x1a8d94	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x1a8da8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_ICON	0x1a8dbc	0x14	data	English	United States	1.2
RT_GROUP_ICON	0x1a8dd0	0x14	data	English	United States	1.25

Imports

DLL	Import
kernel32.dll	DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
user32.dll	GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
kernel32.dll	lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
version.dll	VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll	UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStretchBltMode, GetStockObject, GetPixelFormat, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
user32.dll	CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
kernel32.dll	Sleep
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll	CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll	GetErrorInfo, SysFreeString
comctl32.dll	ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 07:52:57.143291950 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:57.143341064 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:57.143418074 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:57.158363104 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:57.158384085 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:57.797168970 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:57.797569990 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:57.863181114 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:57.863214970 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:57.863559008 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:57.863657951 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:57.867657900 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:57.908519983 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:58.092187881 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:58.092215061 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:58.092259884 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:58.092277050 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:58.092294931 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:58.092351913 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:58.096585035 CEST	49710	443	192.168.2.6	149.154.167.99
Jul 2, 2024 07:52:58.096616030 CEST	443	49710	149.154.167.99	192.168.2.6
Jul 2, 2024 07:52:58.114938021 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:52:58.119971037 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:52:58.120053053 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:52:58.120379925 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:52:58.125214100 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:52:58.805079937 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:52:58.805121899 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:52:58.805319071 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:52:59.709723949 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:00.006469011 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:00.201020002 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:00.201083899 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:00.202009916 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:00.206764936 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:00.667763948 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:00.667869091 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:00.672270060 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:00.677109003 CEST	9000	49714	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:00.677196980 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:00.677511930 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:00.682342052 CEST	9000	49714	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:01.327920914 CEST	9000	49714	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:01.328165054 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.328624964 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.330544949 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.333456039 CEST	9000	49714	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:01.335319042 CEST	9000	49714	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:01.970077038 CEST	9000	49714	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:01.970232964 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.972879887 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.973851919 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.978034973 CEST	9000	49711	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:01.978153944 CEST	49711	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.978790045 CEST	9000	49715	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:01.978878021 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.979456902 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:01.984364033 CEST	9000	49715	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:02.634089947 CEST	9000	49715	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:02.634180069 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:02.642471075 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:02.644510031 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:02.647289038 CEST	9000	49715	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:02.649311066 CEST	9000	49715	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:03.286216021 CEST	9000	49715	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:03.286323071 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.286732912 CEST	9000	49715	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:03.286787033 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.288311005 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.288834095 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.294045925 CEST	9000	49714	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:03.294173002 CEST	49714	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.294213057 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:03.294328928 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.294545889 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.299326897 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:03.960340023 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:03.960611105 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.961071968 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.963047028 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:03.965830088 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:03.968007088 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:04.625938892 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:04.625972033 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:04.625982046 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:04.626151085 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:04.626151085 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:04.626341105 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:04.626352072 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:04.626478910 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:04.628525019 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:04.629053116 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:04.635180950 CEST	9000	49715	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:04.635246992 CEST	49715	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:04.635399103 CEST	9000	49717	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:04.635468960 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:04.635780096 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:04.641103029 CEST	9000	49717	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:05.304416895 CEST	9000	49717	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:05.304476976 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:05.304934025 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:05.306842089 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:05.309703112 CEST	9000	49717	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:05.311553955 CEST	9000	49717	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:05.949346066 CEST	9000	49717	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:05.949433088 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.191540003 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.191901922 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.196770906 CEST	9000	49716	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.196825027 CEST	49716	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.197154999 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.197211027 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.197585106 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.202825069 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.843946934 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.844094992 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.844655991 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.846492052 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.846544027 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:06.849391937 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.851241112 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.851349115 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.851453066 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.851502895 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.851511955 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.851568937 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:06.852583885 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:07.451546907 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:07.452286005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:07.456545115 CEST	9000	49717	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:07.456643105 CEST	49717	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:07.457014084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:07.457278013 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:07.457657099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:07.462354898 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:07.568455935 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:07.568713903 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.098870993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.099075079 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.099658966 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.102050066 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.104346991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.106823921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429032087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429100990 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429105997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.429112911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429199934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429254055 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.429254055 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.429323912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429338932 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429380894 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.429380894 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.429527998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429538965 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429549932 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429559946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429582119 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.429797888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.429838896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.429838896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.433877945 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.433932066 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.433968067 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.434050083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.434092045 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.434092045 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.517648935 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.517746925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.517777920 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.517874956 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.524772882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.524782896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.524799109 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.524867058 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.524943113 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.527093887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.527247906 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.528264999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.528276920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.528287888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.528305054 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.528386116 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.534719944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.534789085 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.534799099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.534799099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.534852982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.534852982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.541484118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.541520119 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.541531086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.541574001 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.541574001 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.548295021 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.548305035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.548357964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.548357964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.548559904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.548569918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.548604965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.555092096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.555130959 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.555140018 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.555169106 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.555169106 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.555217981 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.561580896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.561660051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.561670065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.561705112 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.561705112 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.563091993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.563304901 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.568232059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.568242073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.568252087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.569910049 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.571089983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.571254969 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.574966908 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.574978113 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.574986935 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.575020075 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.575169086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.581590891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.581686974 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.583093882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.583256960 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.613533974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.613547087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.613559008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.613615036 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.614095926 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.615092039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.615251064 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.620477915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.620495081 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.620567083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.620574951 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.620585918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.620647907 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.623881102 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.623891115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.623899937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.623944998 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.627079010 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.630501986 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.630512953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.630522966 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.630620956 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.637164116 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.637222052 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.637231112 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.637257099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.639077902 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.643935919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.644006968 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.644016027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.644068956 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.644069910 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.644366026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.650729895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.650784016 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.650795937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.650806904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.651076078 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.657293081 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.657372952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.657376051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.657407999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.658058882 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.663340092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.663395882 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.663414955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.663424969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.663455009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.663492918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.669569016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.669637918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.669677019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.669687033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.669744015 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.674424887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.674536943 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.675259113 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.675266981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.675307035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.675359011 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.675368071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.679081917 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.680886984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.680986881 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.683100939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.683166027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.683384895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.683394909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.683404922 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.683435917 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.683535099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.688203096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.688218117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.688272953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.688290119 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.688299894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.688591957 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.693187952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.693200111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.693209887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.693257093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.693264008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.693320990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.693320990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.698029041 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.698090076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.698220015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.698230028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.698260069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.699893951 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.702903032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.702933073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.702943087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.702980042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.702980042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.703001976 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.707676888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.707736969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.707777977 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.707777977 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.708014965 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.708024979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.708061934 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.712542057 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.712552071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.712619066 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.712619066 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.712629080 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.712637901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.712707996 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.712707996 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.717375040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.717387915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.717397928 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.717449903 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.717608929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.720454931 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.720474005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.720489979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.720563889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.720563889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.723433971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.723448992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.723460913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.723490953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.723552942 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.726234913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.726248026 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.726258993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.726319075 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.726319075 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.729233027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.729245901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.729257107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.729300022 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.729384899 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.731937885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.732013941 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.732026100 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.732053041 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.732053041 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.734255075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.734308004 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.734308004 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.735008001 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.735018015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.735027075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.735054016 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.736926079 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.736974001 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.736974001 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.737850904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.737860918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.737869978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.737921000 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.738034964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.741040945 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.741059065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.741070032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.741101027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.741152048 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.743776083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.743788004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.743797064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.743876934 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.743876934 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.746481895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.746505022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.746514082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.746548891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.746561050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.746575117 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.746598959 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.761508942 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.761523962 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.761534929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.761651039 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.761785984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.761797905 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.761807919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.761833906 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.761873007 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.762015104 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.762025118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.762036085 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.762074947 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.762074947 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.762216091 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.762228012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.762238979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.762295961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.762295961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.763947010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.763957024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.763966084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.764017105 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.764017105 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.766709089 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.766766071 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.766858101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.766869068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.766877890 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.766932011 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.766932011 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.769644976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.769721031 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.769746065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.769819021 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.771826029 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.771936893 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.772403955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.772413969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.772453070 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.772502899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.772511959 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.772538900 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.772630930 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.774478912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.774523973 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.775413036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.775425911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.775437117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.775459051 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.778625011 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.778642893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.778704882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.778716087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.778774023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.778774023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.781183004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.781193972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.781203985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.781275988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.781351089 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.784061909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.784073114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.784087896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.784096956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.784286022 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.784286022 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.786642075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.786700964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.786714077 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.786761045 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.786849022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.786858082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.786895990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.789463997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.789520025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.789578915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.789589882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.789648056 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.791409016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.791459084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.792371035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.792382002 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.792392015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.792418003 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.792805910 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.795032024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.795072079 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.795082092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.795128107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.795128107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.795141935 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.797069073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.797120094 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.797794104 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.797805071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.797813892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.797843933 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.797893047 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.800297976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.800358057 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.800369024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.800375938 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.800415993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.800415993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.802854061 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.802898884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.802908897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.802913904 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.802934885 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.802984953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.805090904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.805167913 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.805582047 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.805593014 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.805602074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.805608034 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.805629015 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.805692911 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.807898998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.807962894 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.807971954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.807982922 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.808031082 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.808079004 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.810791016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.810859919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.810956955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.810967922 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.810976982 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.811033010 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.811033010 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.813983917 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.814019918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.814028978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.814042091 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.814091921 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.814091921 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.814964056 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.814973116 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.814981937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.815011978 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.815079927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.815633059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.816898108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.816905975 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.816951990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.816951990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.816970110 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.816978931 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.818902016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.818912983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.818922043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.818959951 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.818959951 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.818999052 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.821299076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.821372032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.821377039 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.821381092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.821427107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.821427107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.821644068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.821685076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.822666883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.822685003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.822695971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.822732925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.822732925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.825299978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.825356007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.825366974 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.825370073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.825421095 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.825421095 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.826174974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.826241970 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.826294899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.826303005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.826349020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.827405930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.827447891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.828056097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.828067064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.828077078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.828094959 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.828118086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.832719088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.832762003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.832772017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.832793951 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.832854033 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.832966089 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.832977057 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.833014011 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.833169937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.833210945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.833317995 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.833328009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.833367109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.834815025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.834825039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.834918022 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.835098028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.835108042 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.835210085 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.836493969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.836503983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.836568117 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.836597919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.836606026 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.836641073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.836718082 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.838114023 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.838126898 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.838135958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.838162899 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.838296890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.839693069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.839704037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.839714050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.839759111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.839822054 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.842473984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.842482090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.842526913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.842536926 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.842536926 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.842583895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.842583895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.842726946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.842756987 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.842787027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.842916012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.844074965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.844739914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.844749928 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.844759941 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.844791889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.844949007 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.845882893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.845892906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.845902920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.845932961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.845946074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.845998049 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.845998049 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.847317934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.847327948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.847337008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.847429991 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.848651886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.848696947 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.848758936 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.848767996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.848814964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.848814964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.850183010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.850193024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.850202084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.850230932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.850289106 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.851566076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.851609945 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.851619959 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.851625919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.851674080 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.853141069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.853152037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.853161097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.853193045 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.853246927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.854842901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.854878902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.854888916 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.854952097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.854952097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.855747938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.855807066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.855815887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.855850935 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.855851889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.856647968 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.857178926 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.857224941 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.857233047 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.857242107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.857286930 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.859251976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.859265089 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.859275103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.859380007 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.859380007 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.860665083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.860675097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.860730886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.860827923 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.860837936 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.860879898 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.861421108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.861430883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.861439943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.861483097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.861501932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.864274025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.864331007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.864331961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.864341021 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.864381075 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.864434004 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.864504099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.864514112 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.864550114 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.870100021 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.870167971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.870177031 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.870179892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.870260000 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.870260000 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.870361090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.870372057 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.870381117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.870390892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.870414972 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.870785952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.876497984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.876513004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.876524925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.876599073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.876599073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.876636028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.876646042 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.876656055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.876704931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.876704931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.887356997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.887368917 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.887379885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.887511015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.887520075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.887531042 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.887542963 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.887542009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.887660027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.890616894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.890629053 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.890640020 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.890677929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.890822887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.890835047 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.890846014 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.890856981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.890871048 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.890871048 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.890965939 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.896709919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.896764040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.896774054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.896789074 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.896820068 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.896820068 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.896974087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.897001028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.897036076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.897036076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.897095919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.897106886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.897115946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.897145987 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.897190094 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.904335022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.904352903 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.904365063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.904434919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.904434919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.904494047 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.904505014 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.904520035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.904551029 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.904747963 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.904758930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.904794931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.904794931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.910475016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.910485983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.910496950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.910542965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.910576105 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.910669088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.910681009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.910691977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.910703897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.910732031 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.910790920 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.915097952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.915118933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.915128946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.915196896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.915256977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.915260077 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.915309906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.915319920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.915348053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.915386915 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.915386915 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.915451050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.915462017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.915631056 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.920749903 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.920759916 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.920768976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.920866966 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.920877934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.920953989 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.920977116 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.920986891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.921022892 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.921206951 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.921216011 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.921263933 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.923600912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.923612118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.923624039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.923669100 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.923670053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.923716068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.923727989 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.923739910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.923752069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.923758030 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.923798084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.923799038 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.924540997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.924726009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.928399086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.928411961 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.928422928 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.928468943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.928513050 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.928513050 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.928544044 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.928582907 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.928627968 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.928639889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.928821087 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.928874969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.928916931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.933017015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.933028936 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.933041096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.933087111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.933099031 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.933136940 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.933136940 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.933175087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.933187962 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.933212042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.933269978 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.933324099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.933335066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.933374882 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.937422991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.937433004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.937443972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.937503099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.937546015 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.937570095 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.937581062 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.937616110 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.937763929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.937776089 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.937843084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.940357924 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.940370083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.940381050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.940428019 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.940521002 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.940527916 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.940538883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.940627098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.940637112 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.940645933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.940675974 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.940675974 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.940695047 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.944530964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.944552898 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.944561958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.944628954 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.944628954 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.944655895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.944668055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.944679022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.944689989 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.944732904 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.944734097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.944902897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.944953918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.949834108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.949843884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.949852943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.949913025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.950071096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.950081110 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.950090885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.950103045 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.950122118 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.950246096 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.953047037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.953057051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.953067064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.953109026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.953155994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.953272104 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.953282118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.953291893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.953320026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.953358889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.953511953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.953581095 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.959364891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.959374905 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.959383965 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.959429026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.959629059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.959640026 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.959650040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.959661007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.959681034 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.959911108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.975452900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.975462914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.975472927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.975621939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.975627899 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.975632906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.975640059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.975646019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.975743055 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.979088068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.979140997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.979163885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.979173899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.979232073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.979245901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.979255915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.979296923 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.979595900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.979645967 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.979660988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.979721069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.979728937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.979785919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.993201971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993213892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993225098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993288994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.993395090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993407011 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993417978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993431091 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993441105 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.993506908 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.993506908 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.993748903 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993822098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993832111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.993833065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.993928909 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.994031906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.994043112 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.994050026 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.994055033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.994117022 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.994117022 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.999232054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.999262094 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.999273062 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.999351978 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:08.999389887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:08.999448061 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.000031948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.000078917 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.000083923 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.000097036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.000124931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.000199080 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.000401974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.000533104 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.004549980 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.004616022 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.004625082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.004636049 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.004647017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.004662037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.004708052 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.004774094 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.004785061 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.004793882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.004813910 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.004848003 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.012264967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.012274027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.012335062 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.012353897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.012425900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.012435913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.012445927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.012463093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.012463093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.012512922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.012660027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.012670040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.012773037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.017505884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.017571926 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.017576933 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.017582893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.017610073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.017658949 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.017755985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.017765999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.017776966 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.017827988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.017827988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.018160105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.018170118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.018179893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.018188953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.018199921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.018207073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.018210888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.018254042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.018254042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.018546104 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.018556118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.018610954 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.021807909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.021819115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.021830082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.021867037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.021908045 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.022047997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.022058010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.022068024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.022078037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.022090912 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.022135019 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.026097059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.026106119 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.026154995 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.026170969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.026211023 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.026218891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.026246071 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.026246071 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.026262045 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.026379108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.026388884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.026397943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.026458025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.026458025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.029061079 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.029072046 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.029082060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.029129982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.029200077 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.029210091 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.029243946 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.029243946 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.029318094 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.029330015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.029362917 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.033243895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.033261061 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.033272028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.033297062 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.033325911 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.033417940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.033427954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.033437967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.033447981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.033463955 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.033544064 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.042150974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042162895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042172909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042257071 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.042321920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042331934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042342901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042360067 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042382002 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.042409897 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.042443037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.042649984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042660952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042701006 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.042836905 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042846918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042857885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.042884111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.042905092 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.043085098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.043093920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.043134928 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.047518969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.047569036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.047578096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.047576904 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.047622919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.047622919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.047696114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.047833920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.047843933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.047853947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.047879934 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.047879934 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.049205065 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.049222946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.049279928 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.067832947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.067842007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.067852974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.067915916 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.067948103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.067958117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.067964077 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.067975998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.067985058 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.067991018 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.068011999 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.068061113 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.068312883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.068325043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.068460941 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.068608046 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.068618059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.068630934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.068654060 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.068752050 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.068856955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.068867922 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.068911076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.069303989 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.069364071 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.081897020 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.081907988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.081917048 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.081983089 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.082015038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082026005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082113028 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.082237005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082247019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082256079 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082272053 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082282066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082329035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.082329035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.082653999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082665920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082693100 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.082741976 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.082825899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082838058 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.082870960 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.082978010 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.087896109 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.087905884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.087915897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.087950945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.088135958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.088138103 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.088146925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.088156939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.088165998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.088175058 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.088188887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.088229895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.088229895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.092547894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.092559099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.092567921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.092616081 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.092686892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.092698097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.092824936 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.092833996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.092844009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.092864990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.092864990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.092942953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.100996017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.101047993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.101058006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.101089001 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.101089001 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.101185083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.101195097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.101231098 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.101366997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.101383924 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.101392984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.101411104 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.101473093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.106607914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.106621027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.106688023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.106703997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.106739998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.106751919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.106798887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.106798887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.106952906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.106964111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.106973886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.106985092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.107002020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.107002020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.107028961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.107300997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.107312918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.107347965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.107594967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.107606888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.107642889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.107682943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.107692957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.107814074 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.110645056 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.110657930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.110671043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.110702991 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.110780954 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.110826015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.110836983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.110846996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.110872030 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.110929012 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.111421108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.111474991 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.114952087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.114963055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.114974976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.115047932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.115047932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.115093946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.115104914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.115114927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.115195036 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.115195036 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.115230083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.115242958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.115269899 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.115360022 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.117773056 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.117783070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.117791891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.117855072 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.117883921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.117893934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.118027925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.118037939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.118046999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.118077993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.118077993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.118233919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.122073889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.122086048 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.122096062 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.122128010 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.122229099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.122231007 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.122240067 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.122251034 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.122262955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.122298002 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.122298002 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.130690098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.130702972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.130798101 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.130805969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.130817890 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.130830050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.130878925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.130878925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.131004095 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131016016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131027937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131040096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131055117 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.131071091 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.131283998 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.131360054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131371021 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131418943 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.131418943 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.131642103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131653070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131664991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.131686926 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.132368088 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.132891893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.132956982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.136696100 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.136734009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.136744022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.136749983 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.136792898 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.136792898 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.136908054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.136919975 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.136929989 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.136955023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.137064934 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.137202024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.137521029 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.156776905 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.156796932 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.156810999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.156840086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.156864882 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.156934977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.156944990 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.156955957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.156965971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.156975985 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.157021999 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.157021999 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.170578957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.170592070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.170603991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.170636892 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.170774937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.170784950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.170790911 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.170799017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.170813084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.170840025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.170840025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.171139956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171142101 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.171152115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171216965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.171216965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.171263933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171274900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171284914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171334028 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.171334028 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.171557903 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171569109 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171581030 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171591043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171602011 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.171614885 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.171614885 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.171725988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.172069073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.172080040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.172090054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.172116995 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.172261953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.175107002 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.176532984 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.176703930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.176713943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.176723957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.176779032 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.176779032 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.176831007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.176847935 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.176858902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.176868916 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.176884890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.176884890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.179079056 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.181308031 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.181324005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.181334019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.181382895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.181396961 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.181454897 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.181454897 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.181545019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.181555986 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.181567907 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.181577921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.181619883 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.181619883 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.195410013 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.195420980 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.195431948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.195487976 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.195522070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.195533991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.195559978 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.195559978 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.195647955 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.195693016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.195704937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.195714951 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.195763111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.195763111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196039915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196049929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196059942 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196084023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196280003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196290016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196302891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196321011 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196321011 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196353912 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196353912 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196552992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196563005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196614027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196614027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196645975 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196656942 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196667910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196688890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196816921 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.196896076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196907043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.196945906 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.197072029 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.197082996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.197113037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.203665972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.203676939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.203687906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.203728914 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.203836918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.203849077 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.203876019 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.203876019 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.203891039 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.203984976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.203995943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204021931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.204149961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.204205036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204216957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204272032 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.204272032 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.204395056 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204407930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204449892 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.204449892 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.204504967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204516888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204545021 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.204653025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204662085 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.204698086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.204698086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.206744909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.206779957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.206789017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.206856966 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.206861019 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.206867933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.206878901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.206891060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.206931114 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.206931114 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.207014084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.207644939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.207690001 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.210679054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.210735083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.210741997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.210745096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.210783958 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.210783958 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.210848093 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.210859060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.210870028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.210881948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.210908890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.210908890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.211246014 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.211559057 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.211790085 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.219589949 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.219628096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.219639063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.219732046 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.219732046 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.219777107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.219789028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.219799995 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.219810963 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.219849110 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.219849110 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.220237970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.220248938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.220258951 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.220271111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.220280886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.220293045 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.220302105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.220314026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.220314026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.220349073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.220349073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.245477915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.245491982 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.245503902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.245558977 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.245558977 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.245671988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.245682955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.245698929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.245711088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.245735884 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.245735884 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.245821953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.246048927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.246061087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.246072054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.246093035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.246228933 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.246243954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.246260881 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.246272087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.246284008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.246300936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.246300936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.246567965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.259298086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259365082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259373903 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259408951 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.259408951 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.259573936 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259583950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259593964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259603977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259610891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.259610891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.259661913 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.259661913 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.259887934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259902954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259913921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259928942 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.259973049 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.259973049 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.260274887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260286093 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260296106 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260307074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260315895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.260318041 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260361910 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.260363102 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.260766029 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260776997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260787964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260812998 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.260931969 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.260946035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.260957003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.261262894 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.265404940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.265417099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.265428066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.265453100 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.265563011 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.265573978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.265614986 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.265614986 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.265652895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.265670061 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.265680075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.265837908 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.270663977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.270677090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.270687103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.270725965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.270780087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.270793915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.270828009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.270828009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.270908117 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.270956993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.270968914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.270979881 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.271002054 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.271239042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284169912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284181118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284192085 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284256935 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284256935 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284373999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284384966 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284445047 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284445047 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284496069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284507990 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284549952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284549952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284706116 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284715891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284728050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284739017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284743071 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284750938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.284790993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.284790993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.285100937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285110950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285154104 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.285213947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285224915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285237074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285281897 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.285283089 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.285473108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285578012 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.285586119 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285597086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285608053 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285623074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.285655975 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.285655975 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.285681009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.292560101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.292587996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.292598963 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.292649984 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.292649984 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.292884111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.292895079 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.292907000 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.292920113 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.292972088 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.293041945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.295439959 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.295483112 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.295490980 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.295497894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.295530081 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.295591116 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.295651913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.295663118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.295691967 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.295819998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.295831919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.295865059 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.296022892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.296032906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.296044111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.296053886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.296061039 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.296066046 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.296092987 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.296370983 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.296533108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.296544075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.296597958 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.299540043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.299556971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.299568892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.299619913 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.299619913 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.299688101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.299706936 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.299751997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.299751997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.299798012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.299808979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.299818039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.299840927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.300082922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.308237076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308275938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308285952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308330059 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.308330059 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.308439970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308450937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308464050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308476925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308516026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.308516026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.308744907 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308790922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.308835983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308901072 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.308911085 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.308923006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.309061050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.309098005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.309098005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.309161901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.309221983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.309233904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.309263945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.309263945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.309551954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.309636116 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.334266901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334280968 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334292889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334489107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.334497929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334510088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334522009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334532976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334544897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334583044 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.334583044 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.334871054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334882975 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334892988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334904909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334916115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.334924936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.334924936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.339081049 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.339103937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.343108892 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348015070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348084927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348097086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348148108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348148108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348252058 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348262072 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348290920 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348290920 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348469973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348485947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348498106 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348511934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348512888 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348512888 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348524094 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348552942 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348552942 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348879099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348893881 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348906994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.348923922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.348923922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.351083040 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.351102114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354038000 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354068041 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354120016 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.354120016 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.354134083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354156017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354168892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354180098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354213953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.354213953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.354372025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354382992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.354419947 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.354419947 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.359261990 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359273911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359436035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359446049 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359457970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359468937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359509945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.359509945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.359679937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359692097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359730005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.359730005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.359906912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359919071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359930992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.359978914 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.359978914 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.360119104 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.360130072 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.360141039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.360152006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.360197067 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.360198021 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.372975111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.372984886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.372994900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373051882 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.373205900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373218060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373228073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373275995 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.373368979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373380899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373416901 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.373416901 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.373480082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373491049 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373678923 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373689890 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373728037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.373728037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.373795986 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373812914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.373866081 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.373866081 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.374058962 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374072075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374082088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374123096 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.374123096 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.374206066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374279022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374289036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374321938 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.374321938 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.374480963 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374491930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374501944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.374546051 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.374546051 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.381258011 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.381316900 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.381349087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.381361008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.381390095 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.381517887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.381527901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.381556988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.381607056 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.381701946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.381712914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384340048 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384349108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384358883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384401083 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.384401083 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.384459972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384478092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384495974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384504080 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.384504080 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.384507895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384547949 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.384547949 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.384867907 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384877920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384958982 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.384968996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.385004997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.385004997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.385082960 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.385094881 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.385132074 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.385274887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.385284901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.385294914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.385343075 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.385343075 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.388544083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.388555050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.388567924 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.388616085 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.388616085 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.388616085 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.388628006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.388641119 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.388652086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.388669968 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.388669968 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.389094114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.389156103 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.389156103 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.397208929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.397218943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.397269011 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.397557974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.397568941 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.397579908 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.397623062 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.397623062 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.397912025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.397927999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.397938967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.397949934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.398139954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.398152113 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.398166895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.398166895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.398166895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.398200035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.398200035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.398256063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.398264885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.398276091 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.398319960 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.398319960 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.402261972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.402323008 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.423074007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423105955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423151016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423161030 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423244953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.423244953 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.423336029 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423346996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423358917 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423371077 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423409939 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.423409939 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.423727989 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423738003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423755884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423767090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.423791885 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.423791885 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.424094915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.424107075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.424138069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.424138069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.436914921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.436979055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.436980963 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.436990023 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.437094927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.437109947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.437122107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.437159061 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.437298059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.437308073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.437319040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.437361956 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.437362909 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.442810059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.442830086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.442842007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.442862988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.442919016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.442924976 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.442930937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443022966 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.443056107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443068981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443094015 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.443167925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.443254948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443265915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443275928 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443320990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.443320990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.443454027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443550110 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.443593025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443603992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443665981 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.443717003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443727016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443732977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.443923950 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.448117971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448131084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448136091 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448240995 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.448254108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448285103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448297977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448359966 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.448359966 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.448436022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448448896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448517084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.448652983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448663950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448673964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448703051 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.448734999 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.448802948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448813915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.448857069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.449110985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.449157000 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.449167013 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.449302912 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.461828947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.461841106 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.461852074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.461888075 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.462037086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462048054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462064981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462074995 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462085962 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462100983 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.462100983 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.462454081 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462471008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462481976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462492943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462493896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.462493896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.462505102 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462516069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.462559938 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.462559938 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.469908953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.469968081 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.470000982 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470015049 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470228910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470240116 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470252037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470262051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470273018 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470278025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.470278025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.470320940 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.470320940 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.470602989 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470613956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470655918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.470685005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470695972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470706940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.470746994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.470746994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.471000910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.471085072 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.471421957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.472122908 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.473221064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473253012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473263025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473288059 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.473326921 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.473392963 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473404884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473417997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473429918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473463058 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.473463058 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.473745108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473756075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473815918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.473815918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.473961115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473979950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.473992109 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.474014997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.474045992 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.474164963 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.474175930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.474190950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.474211931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.474291086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.477267981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.477323055 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.477332115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.477341890 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.477394104 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.477394104 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.477488041 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.477500916 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.477513075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.477524996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.477562904 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.477562904 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.477886915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.477962017 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486125946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486160994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486171007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486190081 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486239910 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486239910 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486459970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486471891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486484051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486495972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486506939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486536026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486536026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486557961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486814976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486825943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486836910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486849070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.486877918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486877918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.486999989 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.487138987 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.487149954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.487194061 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.511969090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512026072 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512036085 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512046099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512131929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512131929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512166977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512180090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512247086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512247086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512351036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512362957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512373924 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512384892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512417078 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512417078 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512559891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512677908 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512732983 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512820005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512861967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512872934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512881994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.512897968 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512897968 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.512932062 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.525774956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.525841951 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.525854111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.525895119 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.525954008 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.525980949 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.525993109 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.526048899 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.526078939 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.526165009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.526175976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.526210070 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.526251078 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.531558037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.531639099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.531650066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.531692982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.531692982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.531780005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.531924963 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.531925917 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.531938076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.531974077 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.531986952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.532011032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532022953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532033920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532047033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532085896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.532085896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.532310009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532381058 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.532506943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532520056 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532531977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532543898 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532553911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.532568932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.532568932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.532607079 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.536856890 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.536926985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.536936998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.536982059 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.536983013 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.537064075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537075043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537091970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537123919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.537163973 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.537313938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537323952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537336111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537385941 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.537385941 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.537508965 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537520885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537532091 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537542105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537579060 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.537587881 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.537760973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.537846088 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.550729036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.550793886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.550821066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.550832033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.550947905 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.550988913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551000118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551009893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551019907 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551079035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.551079035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.551531076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551542044 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551551104 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551561117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551601887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.551601887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.551677942 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551688910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551697969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.551752090 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.551752090 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.559197903 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559262037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559273958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559458971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559470892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559482098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559488058 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559513092 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.559513092 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.559670925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.559781075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559932947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559945107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559954882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559967995 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559978962 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.559981108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.559981108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.559990883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.560029984 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.560029984 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.562104940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562165976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562176943 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562177896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.562336922 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562350035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562383890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.562383890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.562458992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562526941 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562537909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562549114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562561035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562566996 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.562566996 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.562982082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.562992096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.563002110 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.563014984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.563026905 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.563026905 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.563076019 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.563076019 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.566107988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.566145897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.566157103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.566160917 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.566255093 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.566298008 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.566298008 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.566356897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.566366911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.566378117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.566385984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.566433907 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.566433907 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.574770927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.574831009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.574831009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.574841976 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.574907064 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.574907064 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.574985981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.574996948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575006008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575016975 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575052977 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.575053930 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.575283051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575390100 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575400114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575409889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575433969 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.575433969 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.575647116 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575689077 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.575689077 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.575757027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575767040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575885057 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.575934887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.575934887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.608344078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608362913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608375072 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608385086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608397007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608409882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608422041 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608432055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608443022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608453035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608463049 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608474016 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608500004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608510971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.608581066 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.608767033 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.614687920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.614762068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.614773035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.614876986 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.614891052 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.614903927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.614955902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.614983082 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.615063906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.615077019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.615087032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.615129948 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.615180969 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.615252972 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.620470047 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.620568037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.620573044 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.620579004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.620661020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.620712996 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.620740891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.620754004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.620764971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.620824099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.620974064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.620985031 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.620995045 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.621056080 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.621239901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.621285915 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.621335030 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.621345997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.621470928 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.621476889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.621486902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.621517897 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.621543884 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.625662088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.625699997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.625725985 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.625739098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.625746965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.625751019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.625792027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.625792027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.625930071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.625940084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.625950098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.625960112 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.626027107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.626110077 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.639403105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.639467955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.639483929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.639528990 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.639658928 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.639671087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.639683008 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.639816046 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.639827013 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.639839888 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.639914989 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.640016079 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640026093 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640038013 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640048027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640058994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640060902 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.640119076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.640119076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.640419006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640430927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640475035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.640564919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640577078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640659094 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.640784025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640795946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640805960 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640816927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640827894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.640850067 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.640850067 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.640902042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.647805929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.647864103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.647872925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.647890091 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.647986889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648099899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648112059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648153067 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648173094 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648185015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648200035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648251057 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648277998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648358107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648359060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648444891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648456097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648467064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648503065 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648577929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648617983 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648679018 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648689985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648720980 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648765087 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.648845911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648857117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.648889065 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.651633024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.651688099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.651704073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.651715040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.651765108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.651779890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.651911974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.651926994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.651938915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.651951075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.651961088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.651978970 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.652004004 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.652256012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.652298927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.652374983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.652386904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.652398109 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.652407885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.652419090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.652425051 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.652430058 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.652470112 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.652470112 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.657566071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.657629013 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.657633066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.657644033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.657675028 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.657699108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.657849073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.657886982 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.657897949 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.657897949 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.657911062 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.657939911 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.657939911 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.657962084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.663666010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.663716078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.663726091 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.663747072 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.663809061 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.663836956 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.663918018 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.663965940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.663978100 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.663988113 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664041996 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.664161921 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.664169073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664216042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.664280891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664292097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664300919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664308071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664319038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664343119 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.664343119 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.664370060 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.664686918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664735079 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.664764881 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.664824963 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.689661980 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.689692020 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.689702988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.689776897 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.689842939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.689908028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.689915895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.690005064 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.690037012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690047979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690057039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690088034 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.690167904 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.690303087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690314054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690324068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690373898 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.690373898 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.690504074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690546036 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.690613031 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690623999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690658092 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.690726042 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.690792084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.703603983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.703685045 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.703694105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.703839064 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.703913927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.703924894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.703933954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.703944921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.703995943 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.704027891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.709323883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709383965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.709384918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709395885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709436893 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.709482908 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709501982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.709570885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709573984 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.709599972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709614992 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.709640026 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.709908009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709918022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709927082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709937096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.709971905 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.709992886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.710144043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.710159063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.710166931 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.710176945 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.710194111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.710210085 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.710235119 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.714670897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.714745998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.714751959 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.714757919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.714802027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.714802027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.714895010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.714905024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.715009928 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.715020895 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.715032101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.715085030 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728176117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728245020 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728255987 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728338957 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728372097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728389978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728401899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728413105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728471994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728506088 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728562117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728574038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728650093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728759050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728836060 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728890896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728903055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728949070 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728949070 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.728979111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.728991032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.729042053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.729166985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.729177952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.729187965 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.729218960 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.729233980 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.736527920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.736584902 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.736660004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.736668110 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.736702919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.736737967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.736747980 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.736757040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.736763000 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.736809015 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.736809015 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737019062 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737097025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737098932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737149000 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737158060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737202883 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737221956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737232924 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737262964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737421989 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737432003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737474918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737538099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737575054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737580061 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737659931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737744093 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737754107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737762928 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737771988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.737802982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.737802982 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.738053083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.738063097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.738071918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.738080025 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.738116980 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.738183975 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.740479946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740569115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740571976 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.740580082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740619898 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.740736008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740746975 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740797997 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.740864038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740906000 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.740910053 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740920067 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740928888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.740952969 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.740999937 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.741173983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.741189957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.741199970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.741210938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.741228104 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.741266012 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.741266012 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.741498947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.741543055 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.741600037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.741679907 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.743700981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.743747950 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.743766069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.743774891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.743810892 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.743875027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.743885994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.743949890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.744019985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.744029999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.744039059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.744076014 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.744076014 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.760684013 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.760750055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.760759115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.760838985 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.760838985 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.760955095 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.760966063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.760971069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.760976076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.761024952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.761024952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.761326075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.761336088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.761344910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.761356115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.761375904 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.761432886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.761655092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.761663914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.761672974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.761806965 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.778423071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.778506994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.778516054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.778533936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.778589964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.778624058 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.778681993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.778698921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.778734922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.778773069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.778886080 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.778896093 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.778954983 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.779022932 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.779032946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.779042959 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.779052973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.779062033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.779088974 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.779088974 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.779119968 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.779428959 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.779501915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.779514074 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.779570103 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.792360067 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.792442083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.792452097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.792501926 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.792501926 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.792629004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.792639017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.792649031 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.792673111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.792711020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.792854071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.793512106 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.798229933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798285961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.798305988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798316002 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798492908 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798532009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.798532009 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.798557997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798568010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798578024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798587084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798628092 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.798628092 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.798852921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.798990011 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.799058914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.799069881 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.799078941 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.799088955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.799132109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.799132109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.799280882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.799289942 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.799490929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.803786039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.803836107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.803878069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.803889036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.803994894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.804027081 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.804066896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.804172039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.804188013 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.804197073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.804205894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.804246902 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.804248095 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.816994905 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817032099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817039967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817079067 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.817195892 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.817207098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817218065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817225933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817236900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817289114 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.817289114 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.817544937 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817555904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817564964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817603111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.817603111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.817744970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817828894 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.817857981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817869902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.817981005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.818047047 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.818057060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.818115950 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.825902939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.825968027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.825982094 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.826055050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826061010 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.826066017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826128960 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.826277971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826287985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826302052 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826312065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826355934 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.826355934 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.826637030 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826647043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826658010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826698065 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.826698065 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.826901913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826911926 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826920986 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826930046 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.826944113 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.826963902 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.827223063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.827233076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.827241898 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.827251911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.827321053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.827321053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.827548981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.827558994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.827615023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.827615023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.829334974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.829400063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.829402924 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.829408884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.829456091 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.829456091 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.829627991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.829638004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.829647064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.829657078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.829694986 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.829834938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.830037117 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832413912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832463026 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832470894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832475901 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832520008 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832520008 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832547903 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832669973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832679033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832706928 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832706928 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832824945 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832839966 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832849026 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832859993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.832861900 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832861900 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832917929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.832917929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.833060980 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.833101034 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.833183050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.833252907 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.833281040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.833292007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.833329916 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.833329916 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.833370924 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.833473921 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.849456072 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.849515915 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.849517107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.849528074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.849581957 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.849663973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.849674940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.849683046 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.849693060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.849741936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.849741936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.850033045 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.850043058 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.850053072 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.850064993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.850100994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.850100994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.850327015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.850388050 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.850435019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.850445032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.850527048 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.850564003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.850641012 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867197990 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867265940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867275953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867295980 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867377043 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867393970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867405891 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867412090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867453098 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867474079 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867609978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867711067 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867722988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867736101 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867769957 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867769957 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867826939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867914915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867924929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867928028 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867935896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867948055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.867985964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.867985964 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.868314981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.868325949 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.868372917 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.886945009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.886997938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.886997938 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887007952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887048006 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887135983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887145042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887145996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887197971 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887198925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887332916 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887342930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887353897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887372017 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887554884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887588024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887589931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887624979 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887624979 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887667894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887679100 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887689114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887698889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.887711048 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887737989 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.887763977 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.888047934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.888098955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.888123989 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.888151884 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.888227940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.888237953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.888247967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.888268948 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.888315916 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.888489008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.888499022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.888541937 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.888541937 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.888652086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.888797998 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.892724991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.892813921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.892822981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.892849922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.892849922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.892898083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.892908096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.892918110 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.892934084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.892934084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.892959118 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.893062115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.893127918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.893134117 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.893172979 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.906266928 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906303883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906311989 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906390905 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.906390905 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.906445026 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906461000 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906470060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906481028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906518936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.906518936 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.906754017 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906812906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906852007 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.906852007 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.906925917 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906935930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906946898 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.906980991 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.906980991 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.907200098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.907210112 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.907218933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.907243013 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.907243013 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.907699108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.914630890 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.914675951 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.914679050 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.914685011 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.914733887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.914733887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.914866924 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.914876938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.914886951 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.914896011 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.914912939 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.915093899 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.915153980 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915232897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915267944 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.915267944 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.915302038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915313005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915322065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915333033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915347099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.915512085 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.915720940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915762901 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.915793896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915802002 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915875912 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.915940046 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915949106 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915960073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.915970087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.916002989 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.916003942 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.916233063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.916412115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.916460037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.916521072 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921171904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921271086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921278954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921317101 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921317101 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921334982 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921437025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921479940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921489954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921498060 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921511889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921521902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921533108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921559095 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921559095 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921612024 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921839952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921911955 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921922922 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.921941042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921941042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.921961069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.922406912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922418118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922472000 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.922472000 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.922482014 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922492981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922662020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.922683001 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922693968 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922703981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922712088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922724962 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.922729969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922739029 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.922777891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.922777891 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.938246012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938294888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938306093 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938407898 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938417912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938461065 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.938461065 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.938582897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938592911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938601971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938652992 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.938652992 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.938807964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938817978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938827991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.938879967 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.938879967 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.939063072 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.939074993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.939110041 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.939210892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.939220905 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.939322948 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956279993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956334114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956407070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956459045 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956469059 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956469059 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956469059 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956511974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956513882 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956547022 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956581116 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956592083 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956592083 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956617117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956646919 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956765890 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956799984 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956816912 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956816912 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956834078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956867933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956880093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956880093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956903934 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.956945896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.956945896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.957125902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.957386971 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.975868940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.975908041 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.975919008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.975984097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976051092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976061106 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976070881 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976082087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976159096 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976159096 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976159096 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976159096 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976376057 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976386070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976437092 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976509094 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976562023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976589918 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976608038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976634979 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976685047 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.976811886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976823092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976831913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.976854086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.977062941 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.981554985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.981651068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.981662035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.981671095 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.981733084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.981801987 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.981812954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.981822968 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.981837988 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.981870890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.981870890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.981964111 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.982013941 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.982111931 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.982122898 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.982148886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.982148886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.982243061 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.982253075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.982284069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.982284069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.982320070 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.982376099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.982387066 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.982906103 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.995410919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.995466948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.995482922 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.995563984 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.995644093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.995670080 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.995685101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.995695114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.995707035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.995747089 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.995747089 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.996054888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.996067047 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.996076107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.996087074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.996117115 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.996170998 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.996382952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.996393919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.996404886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:09.996434927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:09.996504068 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.003525972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.003571987 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.003582954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.003633976 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.003633976 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.003729105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004012108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004059076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004059076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004065990 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004077911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004211903 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004297018 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004307985 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004317045 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004327059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004360914 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004362106 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004638910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004650116 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004708052 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004708052 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004769087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004863977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004873991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004884005 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004894018 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004901886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004901886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004905939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004919052 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.004946947 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.004946947 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.005117893 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.005408049 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.005527020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.009974003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010018110 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010027885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010029078 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010085106 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010085106 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010108948 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010122061 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010168076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010168076 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010298967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010312080 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010324001 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010340929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010497093 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010590076 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010601997 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010618925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010629892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010679960 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010679960 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010822058 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010909081 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010920048 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.010953903 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.010953903 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.011044979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.011055946 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.011068106 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.011080027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.011089087 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.011421919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.011430025 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.011447906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.011486053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.011486053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.027020931 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027098894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027108908 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027153969 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.027272940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027285099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027319908 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.027319908 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.027415037 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027426004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027448893 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.027479887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.027479887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.027642965 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027653933 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027662992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027673006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027683020 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.027700901 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.027843952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.028039932 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.028083086 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.028431892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.028495073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.044922113 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.044987917 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.044997931 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.045063019 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.045118093 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.045129061 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.045212030 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.045212030 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.045295000 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.045305967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.045315981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.045345068 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.045452118 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.064917088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.065005064 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.065135956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.065146923 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.065273046 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.065273046 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.065284967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.065296888 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.065306902 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.065316916 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.065326929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.065367937 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.065520048 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.066046953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066057920 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066070080 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066082001 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066093922 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066107035 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066118956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066123962 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.066124916 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.066131115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066143036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066154003 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.066162109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.066162109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.066586018 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.069118977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.069129944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.069140911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.069188118 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.069210052 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.070488930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.070559978 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.070569038 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.070571899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.070620060 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.070620060 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.070746899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.070759058 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.070770979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.070816994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.070816994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.070990086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.071002007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.071012020 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.071022987 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.071034908 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.071043968 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.071084023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.071084023 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.072870970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.072923899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.072933912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.072973013 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.072973013 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.084726095 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.084811926 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.084821939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.084871054 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.085021973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085033894 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085045099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085055113 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085071087 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.085071087 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.085134029 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.085362911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085374117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085385084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085395098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085445881 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.085445881 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.085642099 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085653067 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085659027 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.085721970 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.085721970 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.092545986 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.092633963 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.092679977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.092690945 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.092744112 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.092744112 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.092878103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.092888117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.092897892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.092946053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.092946053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093046904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093163967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093173981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093183994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093194008 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093204021 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093209028 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093209028 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093261957 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093261957 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093592882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093604088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093612909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093650103 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093653917 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093664885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093673944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093683958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.093693972 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093693972 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093738079 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.093738079 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.094194889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.094206095 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.094358921 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.098771095 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.098834038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.098843098 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.098865986 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.098915100 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.098968983 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.098979950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.098989010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.098999023 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099051952 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099061012 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099173069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099230051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099256039 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099318981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099328995 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099344969 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099364042 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099478006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099489927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099531889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099577904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099587917 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099597931 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099617004 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099617004 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099736929 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099771023 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099781036 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099791050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099814892 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.099973917 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099984884 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.099993944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.100003958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.100019932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.100019932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.100435972 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.115808964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.115870953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.115880966 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.115942001 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.116015911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.116027117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.116038084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.116049051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.116071939 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.116071939 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.116111040 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.116111040 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.116307020 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.116357088 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.133718967 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.133816004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.133825064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.133850098 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.133850098 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.133923054 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.133955002 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.133965969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134000063 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.134018898 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.134062052 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134140015 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134150028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134159088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134167910 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134180069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.134180069 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.134226084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.134226084 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.134566069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134576082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134584904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134593010 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134604931 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.134730101 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.134854078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.134896994 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.153623104 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.153671980 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.153680086 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.153702974 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.153722048 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.153841972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.153851032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.153860092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.153872013 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.153923988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.153923988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.154207945 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154217958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154227018 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154236078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154246092 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154254913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154268980 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.154268980 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.154381037 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.154656887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154726028 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.154787064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154795885 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154896021 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154903889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154906988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.154917002 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154927969 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.154966116 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.154966116 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.155121088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.155199051 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.155206919 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.155216932 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.155343056 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.159307957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159389973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159399033 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159432888 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.159432888 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.159555912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159567118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159574986 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159585953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159615993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.159635067 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.159774065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159784079 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159792900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159801960 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.159841061 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.159841061 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.160079956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.160089970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.160099030 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.160144091 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.160144091 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.173418999 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.173485994 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.173497915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.173535109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.173535109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.173692942 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.173705101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.173715115 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.173726082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.173742056 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.173742056 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.173978090 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.174012899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.174022913 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.174032927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.174046040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.174079895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.174079895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.174355030 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.174367905 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.174386978 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.174482107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.174510956 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.174611092 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.181243896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181309938 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181320906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181349993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.181349993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.181387901 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.181516886 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181526899 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181538105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181548119 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181597948 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.181597948 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.181859970 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181873083 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181883097 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181894064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181904078 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.181921005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.181972027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.181972027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.182255030 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182266951 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182276964 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182320118 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.182449102 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.182475090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182521105 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182531118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182539940 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.182543993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182564974 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.182590961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.182590961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.182848930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182858944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182868958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.182918072 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.182918072 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.187609911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.187680960 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.187690973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.187690973 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.187716961 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.187742949 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.187860012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.187870979 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.187880993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.187891960 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.187935114 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.187935114 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188076019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188152075 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188158035 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188163996 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188199043 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188209057 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188328981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188339949 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188349962 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188360929 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188400030 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188400030 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188586950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188599110 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188610077 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188622952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188649893 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188649893 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188772917 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188865900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188875914 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188885927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.188927889 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.188981056 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.204679012 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.204730034 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.204741001 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.204849005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.204849005 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.204874039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.204885960 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.204947948 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.205056906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.205068111 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.205077887 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.205115080 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.205115080 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.222676039 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.222714901 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.222723961 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.222795963 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.222795963 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.222856998 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.222872019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.222882986 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.222893000 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.222935915 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.222935915 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.223162889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.223248959 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.242525101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.242573977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.242584944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.242626905 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.242626905 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.242767096 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.242778063 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.242811918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.242811918 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.242947102 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.242958069 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243171930 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243181944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243192911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243202925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243213892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243216038 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.243216038 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.243261099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.243262053 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.243527889 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243539095 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243578911 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243590117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243599892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243609905 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.243613958 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.243613958 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.243647099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.243902922 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.244049072 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244093895 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.244173050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244184971 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244232893 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.244232893 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.244306087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244316101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244327068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244345903 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244352102 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244395971 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.244396925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.244817972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244828939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244839907 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.244863987 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.244913101 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.248306990 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248353958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248363972 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248378038 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.248406887 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.248554945 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248565912 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248575926 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248586893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248630047 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.248630047 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.248842001 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248852968 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248909950 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.248909950 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.248913050 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.248992920 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.249036074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.249046087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.249121904 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.249133110 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.249155998 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.249155998 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.249186039 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.262250900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.262320995 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.262331009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.262363911 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.262363911 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.262414932 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.262521029 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.262531042 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.262540102 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.262590885 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.262592077 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.262723923 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.262759924 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.269998074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270076990 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270087957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270148993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.270148993 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.270198107 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270207882 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270217896 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270230055 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270243883 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.270296097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.270632029 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270643950 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270677090 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270687103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270697117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270706892 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270714998 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.270716906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.270764112 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.270765066 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.271137953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271161079 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271204948 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.271204948 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.271271944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271281958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271294117 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271337032 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.271337032 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.271506071 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271517992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271528006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271538973 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271549940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271578074 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.271578074 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.271647930 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.271941900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271953106 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271964073 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271974087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271984100 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.271994114 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.272002935 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.272002935 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.272114992 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.276547909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276664019 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276674032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276702881 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.276704073 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.276724100 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276761055 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.276761055 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.276860952 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276870966 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276880980 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276891947 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276901960 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.276940107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.276940107 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.277230024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277240992 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277250051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277260065 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277272940 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277282953 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277302027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.277302027 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.277604103 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277615070 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277625084 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277650118 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.277650118 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.277796030 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277812004 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277822018 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277838945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.277838945 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.277905941 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.277942896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.277942896 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.293675900 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.293759108 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.293768883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.293816090 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.293816090 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.293879032 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.293936014 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.293946981 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.293957949 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.293975115 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.293975115 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.293994904 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.331511021 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.331561089 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.331573009 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.331711054 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.331711054 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.331770897 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.331783056 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.331794977 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.331805944 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.331857920 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.331857920 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.332098007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332108974 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332119942 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332130909 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332168102 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.332168102 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.332437038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332448006 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332459927 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332504988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.332504988 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.332672119 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332684040 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332695007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.332746029 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.332746029 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.332911968 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333009958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333020926 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333030939 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333041906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333053112 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333056927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.333056927 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.333070993 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333106041 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.333106041 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.333574057 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333585024 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333595991 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333652020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.333652020 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.333817959 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333828926 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333839893 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.333887100 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.333887100 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.334059954 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.334070921 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.334101915 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.334112883 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.334124088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.334139109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.334139109 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.336973906 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337025881 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337025881 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337048054 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337059021 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337102890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337102890 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337248087 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337258101 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337269068 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337279081 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337322950 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337322950 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337435007 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337532043 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337547064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337574959 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337574959 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337660074 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337671041 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337701082 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337702036 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337702036 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337713957 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.337760925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.337760925 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.359055042 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359122038 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359132051 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359244108 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.359245062 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.359308958 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359319925 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359332085 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359378099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.359378099 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.359559059 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359570026 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359606028 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359615088 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359631062 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359642029 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.359646082 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.359646082 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.359692097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.359692097 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.360089064 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.360099077 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.361116886 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.445754051 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.446274996 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.450953007 CEST	9000	49718	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.451013088 CEST	49718	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.451055050 CEST	9000	49721	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:10.451122046 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.451361895 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:10.456163883 CEST	9000	49721	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.122162104 CEST	9000	49721	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.122235060 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.126172066 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.131510019 CEST	9000	49721	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.135915041 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.135946989 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.140798092 CEST	9000	49721	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.140815973 CEST	9000	49721	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.714561939 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.715171099 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.719715118 CEST	9000	49720	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.719888926 CEST	49720	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.719916105 CEST	9000	49725	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.720170021 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.720433950 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:11.725126028 CEST	9000	49725	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.912895918 CEST	9000	49721	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:11.912961960 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:12.371702909 CEST	9000	49725	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:12.374885082 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:12.375902891 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:12.378504038 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:12.380707979 CEST	9000	49725	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:12.383317947 CEST	9000	49725	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:12.997112989 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:12.997632027 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:13.002141953 CEST	9000	49721	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:13.002194881 CEST	49721	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:13.002337933 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:13.002409935 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:13.002697945 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:13.007425070 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:13.171607971 CEST	9000	49725	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:13.171674967 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:13.668194056 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:13.671196938 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:13.673576117 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:13.678328991 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:13.802753925 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:13.807650089 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:14.217899084 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:14.223165989 CEST	9000	49725	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:14.223687887 CEST	49725	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:14.319108009 CEST	49729	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:14.323992014 CEST	9000	49729	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:14.324079990 CEST	49729	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:14.324533939 CEST	49729	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:14.329525948 CEST	9000	49729	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:14.508558035 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:14.508635998 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.794970036 CEST	9000	49729	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:15.795265913 CEST	9000	49729	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:15.795387030 CEST	49729	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.795500040 CEST	9000	49729	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:15.795550108 CEST	49729	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.795764923 CEST	49729	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.798307896 CEST	49729	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.800570965 CEST	9000	49729	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:15.801253080 CEST	49730	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.803478003 CEST	9000	49729	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:15.805778980 CEST	49729	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.806063890 CEST	9000	49730	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:15.809206009 CEST	49730	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.809525967 CEST	49730	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:15.814266920 CEST	9000	49730	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:16.457365036 CEST	9000	49730	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:16.457457066 CEST	49730	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:16.458216906 CEST	49730	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:16.460326910 CEST	49730	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:16.462570906 CEST	49731	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:16.463242054 CEST	9000	49730	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:16.465568066 CEST	9000	49730	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:16.465641022 CEST	49730	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:16.467422009 CEST	9000	49731	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:16.467634916 CEST	49731	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:16.468019009 CEST	49731	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:16.472927094 CEST	9000	49731	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.150207043 CEST	9000	49731	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.150419950 CEST	49731	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.151143074 CEST	49731	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.153497934 CEST	49731	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.155870914 CEST	49732	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.156133890 CEST	9000	49731	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.159034014 CEST	9000	49731	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.159101009 CEST	49731	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.161151886 CEST	9000	49732	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.161267042 CEST	49732	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.161587954 CEST	49732	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.166438103 CEST	9000	49732	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.819056988 CEST	9000	49732	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.819201946 CEST	49732	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.832063913 CEST	49732	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.833978891 CEST	49732	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.837012053 CEST	9000	49732	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.837477922 CEST	49733	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.839807034 CEST	9000	49732	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.839878082 CEST	49732	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.842485905 CEST	9000	49733	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:17.842561007 CEST	49733	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.842823982 CEST	49733	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:17.847544909 CEST	9000	49733	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:18.491851091 CEST	9000	49733	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:18.492008924 CEST	49733	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:18.511441946 CEST	49733	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:18.516231060 CEST	9000	49733	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:18.521534920 CEST	49733	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:18.524063110 CEST	49734	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:18.526741028 CEST	9000	49733	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:18.526813030 CEST	49733	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:18.528924942 CEST	9000	49734	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:18.529005051 CEST	49734	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:18.529387951 CEST	49734	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:18.534250975 CEST	9000	49734	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:19.201780081 CEST	9000	49734	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:19.201873064 CEST	49734	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:19.207248926 CEST	49734	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:19.211280107 CEST	49734	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:53:19.212100983 CEST	9000	49734	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:19.216730118 CEST	9000	49734	49.13.159.121	192.168.2.6
Jul 2, 2024 07:53:19.216782093 CEST	49734	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:54:24.509671926 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:54:24.509757042 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:54:24.509767056 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:54:24.509818077 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:54:47.165060043 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:54:47.165162086 CEST	49728	9000	192.168.2.6	49.13.159.121
Jul 2, 2024 07:54:47.169938087 CEST	9000	49728	49.13.159.121	192.168.2.6
Jul 2, 2024 07:54:47.170046091 CEST	49728	9000	192.168.2.6	49.13.159.121

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 07:52:57.121759892 CEST	51903	53	192.168.2.6	1.1.1.1
Jul 2, 2024 07:52:57.128540039 CEST	53	51903	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 2, 2024 07:52:57.121759892 CEST	192.168.2.6	1.1.1.1	0xd455	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 2, 2024 07:52:57.128540039 CEST	1.1.1.1	192.168.2.6	0xd455	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)	false
Jul 2, 2024 07:52:58.854262114 CEST	1.1.1.1	192.168.2.6	0x4954	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 2, 2024 07:52:58.854262114 CEST	1.1.1.1	192.168.2.6	0x4954	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49710	149.154.167.99	443	6440	C:\Users\user\AppData\Local\Temp\katC422.tmp

Timestamp	Bytes transferred	Direction	Data
2024-07-02 05:52:57 UTC	84	OUT	GET /g067n HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-07-02 05:52:58 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 02 Jul 2024 05:52:57 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12305 Connection: close Set-Cookie: stel_ssid=2c8980bdb7bcd421ca_10101775780335006078; expires=Wed, 03 Jul 2024 05:52:57 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-07-02 05:52:58 UTC	12305	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 30 36 37 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @g067n</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent.

Target ID:	0
Start time:	01:52:51
Start date:	02/07/2024
Path:	C:\Users\user\Desktop\pDHKarOK2v.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\pDHKarOK2v.exe"
Imagebase:	0x400000
File size:	1'717'248 bytes
MD5 hash:	83191F9561B65C2EBB2C95827DE22C10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	01:52:52
Start date:	02/07/2024
Path:	C:\Users\user\AppData\Local\Temp\katC422.tmp
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\katC422.tmp
Imagebase:	0x400000
File size:	881'664 bytes
MD5 hash:	66064DBDB70A5EB15EBF3BF65ABA254B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	50.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	64.1%
Total number of Nodes:	39
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 029FBEF0 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 317
threadmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00003000,00000004), ref: 029FBF61
GetTempFileNameA.KERNELBASE(?,kate,00000000,?), ref: 029FC114
CreateFileA.KERNELBASE(?,00000003,00000000,00000000,00000004,00000002,00000000), ref: 029FC142
WriteFile.KERNELBASE(00000000,?,000D7400,00000000,00000000), ref: 029FC16C
CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 029FC1B6
NtUnmapViewOfSection.NTDLL(00000000,00400000), ref: 029FC1D0
VirtualAllocEx.KERNELBASE(00000000,00400000,?,00003000,00000040), ref: 029FC1FB
WriteProcessMemory.KERNELBASE(00000000,00400000,00000000,?,00000000), ref: 029FC21F
WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 029FC281
Wow64GetThreadContext.KERNEL32(?,00010002), ref: 029FC2AF
Wow64SetThreadContext.KERNEL32(?,00010002), ref: 029FC2DA
ResumeThread.KERNELBASE(?), ref: 029FC2EC
ExitProcess.KERNEL32(00000000), ref: 029FC2F9

Strings

kate, xrefs: 029FC100, 029FC103

Memory Dump Source

Source File: 00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp, Offset: 029FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29fb000_pDHKarOK2v.jbxd

Yara matches

Similarity

API ID: Process$FileMemoryThreadWrite$ContextCreateVirtualWow64$AllocAllocateExitNameResumeSectionTempUnmapView
String ID: kate
API String ID: 1984375786-4076676908
Opcode ID: 8bdce1911b773aa4c5a77b11a59fe6ead0f340a8c12956d4af66eaabf161a0bb
Instruction ID: 3a6cec643f3aea85cd2d433f4fb5cd451f98cfe7cccfcd797fd15d9a7154410d
Opcode Fuzzy Hash: 8bdce1911b773aa4c5a77b11a59fe6ead0f340a8c12956d4af66eaabf161a0bb
Instruction Fuzzy Hash: 55E1DB75A00208AFDB54CF84C895FEEB7B5BF88304F148199E608AB395D771AE85CF94

Function 029FB250 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 029FB9B0: VirtualAlloc.KERNELBASE(00000000,029FB30F,00003000,00000040), ref: 029FBA34

NtCreateFile.NTDLL(00000000,00120089,00000018,?,00000000,00000080,00000001,00000001,00000040,00000000,00000000), ref: 029FB41B
FindCloseChangeNotification.KERNELBASE(00000000), ref: 029FB4CC

Strings

@, xrefs: 029FB39D

Memory Dump Source

Source File: 00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp, Offset: 029FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29fb000_pDHKarOK2v.jbxd

Yara matches

Similarity

API ID: AllocChangeCloseCreateFileFindNotificationVirtual
String ID: @
API String ID: 482251274-2766056989
Opcode ID: 1eb9ea2caabc7391b7229261c1d9bf95df83910e65e6df0dd8a40b88344f7981
Instruction ID: 076d550502423d07cba5d2cb9798001ed809e6ff29a3f3f7d031783a4a1be1f7
Opcode Fuzzy Hash: 1eb9ea2caabc7391b7229261c1d9bf95df83910e65e6df0dd8a40b88344f7981
Instruction Fuzzy Hash: 9D811C71A00218EFDB64DF54CD55FDAB3B5EF88704F1481A9EA0DAB290D7706A84CF94

Function 029FB510 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.tex, xrefs: 029FB5D4

Memory Dump Source

Source File: 00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp, Offset: 029FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29fb000_pDHKarOK2v.jbxd

Yara matches

Similarity

API ID:
String ID: .tex
API String ID: 0-1946526065
Opcode ID: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
Instruction ID: f72314864e9f4de22002959bafb283b25401c620316c94a2a2099e6a1422bf5b
Opcode Fuzzy Hash: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
Instruction Fuzzy Hash: 1151D6B1E00109DFDF84CF84C8A4BEEFBB5EB48318F248559D515AB281D775AA85CBA0

Function 029FB9B0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,029FB30F,00003000,00000040), ref: 029FBA34

Strings

VirtualAlloc, xrefs: 029FBA19, 029FBA1C

Memory Dump Source

Source File: 00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp, Offset: 029FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29fb000_pDHKarOK2v.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
Instruction ID: b8df8e837708231e994c4a9b13055766628dacb45948fd57ad64382b9d97b6ed
Opcode Fuzzy Hash: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
Instruction Fuzzy Hash: 211130A1D082CDDEEF41DBE8C4097EEBFB55F15708F044098D6446A282D2BA57588BA6

Non-executed Functions

Function 029FC510 Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2097682899.00000000029FB000.00000040.00001000.00020000.00000000.sdmp, Offset: 029FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29fb000_pDHKarOK2v.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a568a7dc076fac4237d36aa73511bb81ae5ea1128cbd7157671a2a4345687388
Instruction ID: f504ebfe71d3ddb625b7146fc1454264171448c767b02239f406d52b4dc2845f
Opcode Fuzzy Hash: a568a7dc076fac4237d36aa73511bb81ae5ea1128cbd7157671a2a4345687388
Instruction Fuzzy Hash: FB419171D1051C9BDF48CFADC991AEEBBF2AF88201F548299D516AB345D730AB41DB80

Analysis Process: katC422.tmpPID: 6440, Parent PID: 4388COMMON

Execution Graph

Execution Coverage:	0.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	14
Total number of Limit Nodes:	5

Executed Functions

Function 20144CF0 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 461
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,C0000000,00000003,00000000,-00000003,04000102,00000000), ref: 20144EE1

Strings

psow, xrefs: 201451F5
delayed %dms for lock/sharing conflict at line %d, xrefs: 20144FB5
winOpen, xrefs: 20145110
exclusive, xrefs: 20144E81

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: CreateFile
String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
API String ID: 823142352-3829269058
Opcode ID: 641b843e81777e6bc723e7616c608e9d6d12fe4142e18eb0baffbc65f3d7be65
Instruction ID: 66e385ec93c9f07f4463b1d3ad20e80a7c8e896eccbe07c5ecf91ac820690e8b
Opcode Fuzzy Hash: 641b843e81777e6bc723e7616c608e9d6d12fe4142e18eb0baffbc65f3d7be65
Instruction Fuzzy Hash: 97F1B0719087009FDB158FA8CC86B5A77E8FB58305F00092DFA45D72B2E739DA84DB92

Function 2013FD40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNEL32(?,?,?,?,?), ref: 2013FE03

Strings

winRead, xrefs: 2013FE3D
delayed %dms for lock/sharing conflict at line %d, xrefs: 2013FE78

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: FileRead
String ID: delayed %dms for lock/sharing conflict at line %d$winRead
API String ID: 2738559852-1843600136
Opcode ID: 945b00dd15d4e610df3e80f6f4dfe70b09cc07babefcc2c14ada95f6ebe9451a
Instruction ID: 197b2cee36e13269e07128828c88c8568dcff75b2bbc5ce2c79742bbbd0e92d7
Opcode Fuzzy Hash: 945b00dd15d4e610df3e80f6f4dfe70b09cc07babefcc2c14ada95f6ebe9451a
Instruction Fuzzy Hash: 17410872604305ABC304DFE4CD85AABB7E9FF94210F84092DF644C7651E775EE588BA2

Function 201604D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

failed to allocate %u bytes of memory, xrefs: 201604E7

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: failed to allocate %u bytes of memory
API String ID: 0-1168259600
Opcode ID: 5283a2305e620005a7780f6e581084470ca09db5261047f9d108aaf2154884b9
Instruction ID: 3d5ccb5191b88d3349553f48fbe500cfe77cc600b76121cf02797a897df66225
Opcode Fuzzy Hash: 5283a2305e620005a7780f6e581084470ca09db5261047f9d108aaf2154884b9
Instruction Fuzzy Hash: 8FD01222D8862163C66212D4AC02BCB7D819BB05A1F054074FD8C59224D555AEA193D3

Non-executed Functions

Function 20214140 Relevance: 47.7, APIs: 14, Strings: 13, Instructions: 461
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Found (%lld -> %lld) in %s table, expected (%lld -> %lld), xrefs: 20214527, 20214603
SELECT data FROM %Q.'%q_node' WHERE nodeno=?, xrefs: 20214166
%_parent, xrefs: 202144D4, 2021451E
Node %lld is too small (%d bytes), xrefs: 2021425A
Rtree depth out of range (%d), xrefs: 2021428E
Mapping (%lld -> %lld) missing from %s table, xrefs: 202144E6, 202145C2
SELECT nodeno FROM %Q.'%q_rowid' WHERE rowid=?1, xrefs: 20214574
Node %lld is too small for cell count of %d (%d bytes), xrefs: 2021432B
Dimension %d of cell %d on node %lld is corrupt relative to parent, xrefs: 2021444D
%_rowid, xrefs: 202145B0, 202145FA
Dimension %d of cell %d on node %lld is corrupt, xrefs: 202143D7
Node %lld missing from database, xrefs: 20214230
SELECT parentnode FROM %Q.'%q_parent' WHERE nodeno=?1, xrefs: 20214498

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %_parent$%_rowid$Dimension %d of cell %d on node %lld is corrupt$Dimension %d of cell %d on node %lld is corrupt relative to parent$Found (%lld -> %lld) in %s table, expected (%lld -> %lld)$Mapping (%lld -> %lld) missing from %s table$Node %lld is too small (%d bytes)$Node %lld is too small for cell count of %d (%d bytes)$Node %lld missing from database$Rtree depth out of range (%d)$SELECT data FROM %Q.'%q_node' WHERE nodeno=?$SELECT nodeno FROM %Q.'%q_rowid' WHERE rowid=?1$SELECT parentnode FROM %Q.'%q_parent' WHERE nodeno=?1
API String ID: 0-1352829109
Opcode ID: c365e558b23fcb5aa30b589382e58a08ad96415cd4a337c2dba2d5f91934acf0
Instruction ID: d1cec0bc70ee629d6795802f2db476f900accbd244fad8710c086e45c3c63578
Opcode Fuzzy Hash: c365e558b23fcb5aa30b589382e58a08ad96415cd4a337c2dba2d5f91934acf0
Instruction Fuzzy Hash: 8DF10571904241ABC7059FA5CC80F1BFBE9FF99308F14495AF94856123E735EAE4CBA2

Function 20270480 Relevance: 30.2, APIs: 8, Strings: 9, Instructions: 476COMMON

Download Yara Rule

Strings

invalid uri authority: %.*s, xrefs: 202705C2
no such %s mode: %s, xrefs: 20270922
loca, xrefs: 20270598
cach, xrefs: 2027082B
no such vfs: %s, xrefs: 2027099A
file, xrefs: 202704DA
%s mode not allowed: %s, xrefs: 202709EC
lhos, xrefs: 202705A1
mode, xrefs: 20270867

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s mode not allowed: %s$cach$file$invalid uri authority: %.*s$lhos$loca$mode$no such %s mode: %s$no such vfs: %s
API String ID: 0-1127695371
Opcode ID: 8f5d6e8a83875af832d5b809fdbc7e948edb338948ce6a978fdbdd87967d6af2
Instruction ID: f4b23b091f062be8cdff3e8080b91835600049e6ad1de00b894f98ced878a400
Opcode Fuzzy Hash: 8f5d6e8a83875af832d5b809fdbc7e948edb338948ce6a978fdbdd87967d6af2
Instruction Fuzzy Hash: 93F13470508343CFE3118F94C8E075ABBF2AB86314F54865EE5D40B2A3D736AA6DCB42

Function 20158680 Relevance: 28.6, APIs: 9, Strings: 7, Instructions: 550COMMON

Download Yara Rule

Strings

ASC, xrefs: 201598BA
, xrefs: 20159848
recursively defined fts5 content table, xrefs: 201586C5
DESC, xrefs: 201598C2, 201598D6
%s: table does not support scanning, xrefs: 20159979
parse error in rank function: %s, xrefs: 201597FF
SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s, xrefs: 201598F1

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: $%s: table does not support scanning$ASC$DESC$SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s$parse error in rank function: %s$recursively defined fts5 content table
API String ID: 0-2381147695
Opcode ID: fd2f1d01804b436890e635fdee71a93c83561c9c4dbfe73abdd36bad17ce028a
Instruction ID: ec8ff2d4de1ed01ac5d02ad50d477b96a07fc23d29352045f8e44941cfd833a7
Opcode Fuzzy Hash: fd2f1d01804b436890e635fdee71a93c83561c9c4dbfe73abdd36bad17ce028a
Instruction Fuzzy Hash: B022E0B1904701DFCB01CFA4C881BAA7BF4BF48304F14452EF9699B265E735EA59CB92

Function 2025D9E0 Relevance: 23.3, APIs: 8, Strings: 5, Instructions: 564COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2025DACC, 2025DE2F
API called with NULL prepared statement, xrefs: 2025DA9B, 2025DDFE
API called with finalized prepared statement, xrefs: 2025DAB0, 2025DE13
%s at line %d of [%.10s], xrefs: 2025DADB, 2025DE3E
misuse, xrefs: 2025DAD6, 2025DE39

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 55339319c5e040de43590d241e202c39e2502f36ed8f4ca5b6f74832a9f7b5dc
Instruction ID: be7b277d9b21d68e67053bf2a1a9ac084c6b480a276a18a288789ef49549c078
Opcode Fuzzy Hash: 55339319c5e040de43590d241e202c39e2502f36ed8f4ca5b6f74832a9f7b5dc
Instruction Fuzzy Hash: 131215B19047019BE7348FA0CC45B577BE8FF54318F00052EF99A9A242E775E96CCBA6

Function 201466C0 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 416COMMON

Download Yara Rule

Strings

_shape does not contain a valid polygon, xrefs: 20146816

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: _shape does not contain a valid polygon
API String ID: 0-1814939628
Opcode ID: a4234f276ecb7c9d00c68a25300034856dc631d2ec1899340e51dfaee8a7d024
Instruction ID: edf0464d7945162a048d776300048cf3326a08daec41e0fa8a9f7245f1751a9e
Opcode Fuzzy Hash: a4234f276ecb7c9d00c68a25300034856dc631d2ec1899340e51dfaee8a7d024
Instruction Fuzzy Hash: B8E1BDB19083009FC711DF94C841A5BBBE8EF98718F14492DF99997222E736DE85CB93

Function 2015B400 Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 367COMMON

Download Yara Rule

Strings

SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s, xrefs: 2015B696
ASC, xrefs: 2015B651, 2015B678
SELECT %s ORDER BY rowid %s, xrefs: 2015B665
DESC, xrefs: 2015B656, 2015B65E, 2015B67D, 2015B685

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ASC$DESC$SELECT %s ORDER BY rowid %s$SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
API String ID: 0-3496276579
Opcode ID: 3f98ab4a447743c9840a8a4dde32224bd9024d195bcbc138acd9a5023fdf9aa9
Instruction ID: c07ca1e1fcaa238b164ee96d8344bdef576b3148dfb61689e811dd09ddf773c4
Opcode Fuzzy Hash: 3f98ab4a447743c9840a8a4dde32224bd9024d195bcbc138acd9a5023fdf9aa9
Instruction Fuzzy Hash: 37C113B15007449FD7118FA4D881BA6BBF1FF88310F14092EF9A58A642E73AEB59CB51

Function 201ADB10 Relevance: 18.3, APIs: 12, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee396fb08ffde117e992cc5b9882a573e2647bc4d191dde0d8378a8d5bbd0ff
Instruction ID: 463a74146ffbcd0d55e111972dd336a0ebd988e66f38fbdd016f266a63174d00
Opcode Fuzzy Hash: 6ee396fb08ffde117e992cc5b9882a573e2647bc4d191dde0d8378a8d5bbd0ff
Instruction Fuzzy Hash: F881CF75604705ABD710DFA8CC81B6BB3E9EFA4314F84082DF986D7251EB75EA01CB92

Function 202514D0 Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 360COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 202515A2
API called with NULL prepared statement, xrefs: 20251571
API called with finalized prepared statement, xrefs: 20251586
%s at line %d of [%.10s], xrefs: 202515B1
o:% , xrefs: 202514D5
misuse, xrefs: 202515AC

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$o:%
API String ID: 0-1050550799
Opcode ID: 8c2a68b38742ff49b3e3c13da807fd250b3f72f80f347a45dcd2f8a3b73704db
Instruction ID: e1b90a6906d36cb3d115b27225b76647bddd44b9363b9bd777fb0e45474e9fc9
Opcode Fuzzy Hash: 8c2a68b38742ff49b3e3c13da807fd250b3f72f80f347a45dcd2f8a3b73704db
Instruction Fuzzy Hash: 56C13BB09007119BE7248FA4CC46B577FE8BF54314F14052EE9868B342E779E96CCBA6

Function 20160FB0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

e, xrefs: 2016115A

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
Instruction ID: ba1bf401a097abcd628ffad074705c6d4a7b8aa8d7a9e0c887261c5aa2b5d003
Opcode Fuzzy Hash: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
Instruction Fuzzy Hash: 635166726043419FDB15CF68CC80BABB7E0FFA5212F14056EF88186152E732EE64C7A1

Function 201ADFC0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 131COMMON

Download Yara Rule

Strings

%lld %lld, xrefs: 201AE055

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %lld %lld
API String ID: 0-3794783949
Opcode ID: d67ee67b88ffdc40834a561c32cf7c758dcff4a98790a8a682fab032e21b02cc
Instruction ID: f8a8ef77e578962ff04f718c99245f587d67a490205c253390243e6b5094c223
Opcode Fuzzy Hash: d67ee67b88ffdc40834a561c32cf7c758dcff4a98790a8a682fab032e21b02cc
Instruction Fuzzy Hash: FA31D5B5604600BFE7116BA88D06F5B77FEEFE0710F104818F68192261E7B6DA11CBA6

Function 2025D4F0 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 310COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2025D5DD
API called with NULL prepared statement, xrefs: 2025D5AC
API called with finalized prepared statement, xrefs: 2025D5C1
%s at line %d of [%.10s], xrefs: 2025D5EC
misuse, xrefs: 2025D5E7

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: bc55118b7435471737ea53511092eab28a09a94cfdbbf8df0fdbb8614e6bc70d
Instruction ID: dba4d9c077d6976aaf9cc2d192a7e4aa57c966a176a9833286cbf090ff12f8d4
Opcode Fuzzy Hash: bc55118b7435471737ea53511092eab28a09a94cfdbbf8df0fdbb8614e6bc70d
Instruction Fuzzy Hash: 9BB1E1B05007019FE3248FA4DC45B57BBE4FF54318F00452EE9998B342E775E96E8BA6

Function 20214D40 Relevance: 14.0, APIs: 9, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f905c6ff1ea72f7e84fbc2119b95e7ea6ed3fbabbd9f59a4f0629f78a623d4
Instruction ID: 3a7cde8f65ff79d27cb2d9ba00b5bacc66327de037a31d8277582566d4e04d10
Opcode Fuzzy Hash: b0f905c6ff1ea72f7e84fbc2119b95e7ea6ed3fbabbd9f59a4f0629f78a623d4
Instruction Fuzzy Hash: 5DF1E4B0504B029FC3119FA5CC84A2BB7FCFF95305F04052EF91986252E775EAA5CBA2

Function 201A8200 Relevance: 14.0, APIs: 9, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4263f500f5ef126d2c22f616e7b264641d4f41424278d0a0ca9f0273eb7a9da
Instruction ID: b24fd983907a06ce2e7c3e7a7c99e82fecc2ec16d39ff76321d194fa57f0ac30
Opcode Fuzzy Hash: e4263f500f5ef126d2c22f616e7b264641d4f41424278d0a0ca9f0273eb7a9da
Instruction Fuzzy Hash: 8C02B176904701AFD7118FA4CC40B9BB7E8FF88350F040A29FA4997661E735DA94CBE2

Function 201E5940 Relevance: 12.4, APIs: 8, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 886a9fa2bf735b36ece42334bf37295ca75ada0cf87b84f9ebf34f44d5ed6af3
Instruction ID: 0fba9dda42d791e55b5d6a0e8ce36eafc3d2946a74217aa1d9d3c537d808d56f
Opcode Fuzzy Hash: 886a9fa2bf735b36ece42334bf37295ca75ada0cf87b84f9ebf34f44d5ed6af3
Instruction Fuzzy Hash: F4C14A72E18B004FE7009E99CC92BDF7795EF92310FA8056EF58D87253E129AB45C792

Function 20167810 Relevance: 10.9, APIs: 7, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f17b276d4ce50b3010a0325706d2f3604a09c8ea9ecb2d9f4b571ed2790b2905
Instruction ID: 1373146db4f84f6651b9e59134cefbab56bc8365c6e9cc7b611b88fbde4e31ad
Opcode Fuzzy Hash: f17b276d4ce50b3010a0325706d2f3604a09c8ea9ecb2d9f4b571ed2790b2905
Instruction Fuzzy Hash: B6E135719047019FC301DFB5CC81A6BB7E8BF56354F044A6EF885AB212E735EA61CB92

Function 201D51D0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 141COMMON

Download Yara Rule

Strings

, xrefs: 201D5334
REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 201D5264

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: $REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
API String ID: 0-69911113
Opcode ID: aa792ecab25a41f6eb36c4dbbfa2e84e2328aa66bec52b306b8e00f8d054f1c7
Instruction ID: 1d817dff44a89f7b46754971d6d2fda61a520673b8177de310ad1f2cd34cc16d
Opcode Fuzzy Hash: aa792ecab25a41f6eb36c4dbbfa2e84e2328aa66bec52b306b8e00f8d054f1c7
Instruction Fuzzy Hash: 2F417FB2904201EFD700DFA9CC80B5AB7E9FF98348F454529F984A7311E771EA54CBA2

Function 2020D610 Relevance: 10.6, APIs: 7, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
Instruction ID: 9e7472c4a987ada4319014d220546390f0a2f487d6ec84efacf0eaeb3406c890
Opcode Fuzzy Hash: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
Instruction Fuzzy Hash: 1C41F671500702AFCB019FA5DC81A1BB7F9FF65310F00462DF95886211E773EA25CBA2

Function 20194760 Relevance: 9.4, APIs: 6, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3712e9ee301515d9483f996e046108a34c5142da285cff6115de63f753e96531
Instruction ID: 235ab720124ba30ea43a9a5c11f177cfa1359c360cb945693e69c2a949bdbdba
Opcode Fuzzy Hash: 3712e9ee301515d9483f996e046108a34c5142da285cff6115de63f753e96531
Instruction Fuzzy Hash: 30F19D719097099FD701CFA4C886A5BBBE8FF88304F04492DF98597321E735EA94CB96

Function 20144820 Relevance: 9.3, APIs: 6, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71da3c2bd9a18a2689f944c08927eef03067068ce520e30dd0381fe1378a10da
Instruction ID: 1cbf56cf3a29557ee5106a46ecb865f2e106be197d4e71b11932850ed1b989b5
Opcode Fuzzy Hash: 71da3c2bd9a18a2689f944c08927eef03067068ce520e30dd0381fe1378a10da
Instruction Fuzzy Hash: 98B19DB0804B01AFD300CF65C846B5BB7F8FF99304F108A19F95996261E779EA94CF96

Function 20145C70 Relevance: 9.1, APIs: 6, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
Instruction ID: 2a44d8783183afc0b182a56655f7be0ba5c83c23294d499befc50f9205177ffe
Opcode Fuzzy Hash: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
Instruction Fuzzy Hash: 8641E0B5A043019FDB15DF98C884FA6B7E4FF98210F104469F9918B6A2E762EE54CB60

Function 201C9090 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b493176c6bd037f2d2345e8960e43585ca02e5e88009b0384b80d6aa076f152
Instruction ID: dce3fe6b2e0c0afe023f20556be2e913c8ae2d283da47f83f7e2463572f57df0
Opcode Fuzzy Hash: 3b493176c6bd037f2d2345e8960e43585ca02e5e88009b0384b80d6aa076f152
Instruction Fuzzy Hash: E4310271200200DFD340CFA8C88AF66B3F4FFA0325B0504B9E9428F666D722EE50CB51

Function 2019E200 Relevance: 9.1, APIs: 6, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a1cb13e533e1d494673121edc5da2611e26bc6614643ab79eef0b764ed878c
Instruction ID: f1f85c8dcd3ba227e29de6218d806ea9841502320db4b3c90239ed3a76d43e96
Opcode Fuzzy Hash: 85a1cb13e533e1d494673121edc5da2611e26bc6614643ab79eef0b764ed878c
Instruction Fuzzy Hash: 4B1129722053086FE7045BE0DC82FDBF3ECEF69325F14042AF645A2181EB76AB1147A1

Function 201806E0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

VUUU, xrefs: 2018083A

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: VUUU
API String ID: 0-2040033107
Opcode ID: 71c5617c6025fe03a1fa263db43b20f26f9cda2fcc9d594dbd3faf26382185dc
Instruction ID: d9042ba3409ef147ef27d923b767d704cf2a2d74bf6935b709d640fb1ebf1921
Opcode Fuzzy Hash: 71c5617c6025fe03a1fa263db43b20f26f9cda2fcc9d594dbd3faf26382185dc
Instruction Fuzzy Hash: 1381C1B19043498FD755DFA9C881A6BFBE4BF99200F04466DF88987242E770EB448FA1

Function 2019E090 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

0:% , xrefs: 2019E0E7

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: 0:%
API String ID: 0-722384852
Opcode ID: c8e900881a082986d04453689b729f25f76a85d5f6c78b886b8933250674c27a
Instruction ID: 4fc485107728c76a090ba06ff3f7ae4071a60b4f5c9c668ff4fb3dd8654a47f7
Opcode Fuzzy Hash: c8e900881a082986d04453689b729f25f76a85d5f6c78b886b8933250674c27a
Instruction Fuzzy Hash: DF31F0B26002009FD710CF48DD41BBABBE5EB85314F0584AAF8848F252E736ED97CB91

Function 201B1FE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 201B2001

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
API String ID: 0-914542581
Opcode ID: 64a9026e735904e39acee8dd51069b480e685c450e51f5dc5ee1ad5a9ad6ad88
Instruction ID: ed87b63f824ce90da6d770339b584b698ce645606f049a560341855805f9f5b0
Opcode Fuzzy Hash: 64a9026e735904e39acee8dd51069b480e685c450e51f5dc5ee1ad5a9ad6ad88
Instruction Fuzzy Hash: 4B218DB1500205BFDB11AFA8DC81F9677ADFF24354F044418F944A7122E762EA64CBA5

Function 201F3770 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

?P! , xrefs: 201F3770

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ?P!
API String ID: 0-1380002928
Opcode ID: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
Instruction ID: 349d0b62f487ed0e62c19cfbb0fd8677de315a26992d882ac6aca5de0d9c02d6
Opcode Fuzzy Hash: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
Instruction Fuzzy Hash: 00E09232044740ABCB626B90DE46E4ABBA6BF68710F051C58F5C521670C6629A60AB41

Function 202137E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

?P! , xrefs: 202137E0

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ?P!
API String ID: 0-1380002928
Opcode ID: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
Instruction ID: 75298dfac66aa04246765bee415dd830bb1b9dbed4491ab74a8089cdbd27db3f
Opcode Fuzzy Hash: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
Instruction Fuzzy Hash: 08E0B632044780BFCB626F91DC46F4BBFA6AF68314F051C58F58561470C7B29AA1AB41

Function 201AA6F0 Relevance: 7.6, APIs: 5, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 580f593f734bce99fee7809c1f712008c05de6c425d51a85ab922abfe57b3ce3
Instruction ID: 7e4f8411954bbcceb881de045a934cb4cd3d0d35e7ba935b182cd896bc6cf865
Opcode Fuzzy Hash: 580f593f734bce99fee7809c1f712008c05de6c425d51a85ab922abfe57b3ce3
Instruction Fuzzy Hash: 8D6116B81083859FC338CF95C480A9BBFF1BB89344F914E1CE5985B260D7B19A09CF96

Function 20188550 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3966a2d936edd45f59b6e0deb058351046a11c26772725d757917f5ea545eae4
Instruction ID: 1218a1e6dc752e71c5f89f7350fe3727759a215899658f5b78fbfebdccab0df6
Opcode Fuzzy Hash: 3966a2d936edd45f59b6e0deb058351046a11c26772725d757917f5ea545eae4
Instruction Fuzzy Hash: B901F4B1600301BBDB156F54ED02B9B77A5EFE1715F1404ACF90467200D332EE29CBA6

Function 20161C50 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 471COMMON

Download Yara Rule

Strings

RtreeMatchArg, xrefs: 20161F83

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: RtreeMatchArg
API String ID: 0-1459067757
Opcode ID: 1bc896a70922ba848c14e63f879e4677fb4f0fb6da0c93275b9f2e1c58206f17
Instruction ID: 468c98c61f43c70b8b6e0a2bd7d6bfbb9fc7331d7db268b9e37c2e268614a726
Opcode Fuzzy Hash: 1bc896a70922ba848c14e63f879e4677fb4f0fb6da0c93275b9f2e1c58206f17
Instruction Fuzzy Hash: E902EFB0A04B018FC715CFA4CC81A9ABBF5BF59304F14451DF9859B222E735EAA5CB92

Function 2013298C Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 384COMMON

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 20322A1F
IsValidCodePage.KERNEL32(00000000), ref: 20322A56
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 20322C3A

Strings

utf8, xrefs: 20322B28

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: CodeInfoLocalePageValid
String ID: utf8
API String ID: 790303815-905460609
Opcode ID: a577082d914fb5abde203bacc31a9ee71984152a7e67038c2fdaebe4a5f4c415
Instruction ID: 31f94b9afcd3313c01c2fa817b90bea5c9c8e23c1c7d894e360069fba8da1fc8
Opcode Fuzzy Hash: a577082d914fb5abde203bacc31a9ee71984152a7e67038c2fdaebe4a5f4c415
Instruction Fuzzy Hash: 2771D471600A06BEDB159BF4EC86FAA73ACFF55700F114429FA05DB180EB74EE90C6A5

Function 20132C8E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 202D48A7
IsDebuggerPresent.KERNEL32 ref: 202D4973
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 202D4993
UnhandledExceptionFilter.KERNEL32(?), ref: 202D499D

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: feff765a736c62c72d54ce973f87bde1e5cc09c5b3b43ae62846576e383b8893
Instruction ID: ce5019ad6fc6cb946bddb2be0398416dc813579be5816c75f704e06cfb41ab2a
Opcode Fuzzy Hash: feff765a736c62c72d54ce973f87bde1e5cc09c5b3b43ae62846576e383b8893
Instruction Fuzzy Hash: 993138B5D052189BDB11DFA0CD89BCDBBB8AF18300F1041AAE40CAB250EB749B859F05

Function 2018EF30 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
Instruction ID: 0671bf9eb9a4d7d23945cf4762a17324f251f9499ec546c7c5948b32013ee185
Opcode Fuzzy Hash: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
Instruction Fuzzy Hash: 98112631904561ABE7128BA4D840B86F7E1BF64324F054678FD499BA61D331FF60CBD1

Function 201D5910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?), xrefs: 201D597E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?)
API String ID: 0-143322027
Opcode ID: d6de80af2c6f02872e18ced2a617762aaa1cc45168572885531efdc5e6111dbf
Instruction ID: 46da8cf9bddbfbe9c67d989df69bc55a50c5d430bf936eabc9b4762c698999fa
Opcode Fuzzy Hash: d6de80af2c6f02872e18ced2a617762aaa1cc45168572885531efdc5e6111dbf
Instruction Fuzzy Hash: 75117FB2500605BFD7109F98CC85F86FBADFF55318F004145F50857252C3B2E6A4CBA0

Function 20168970 Relevance: 4.6, APIs: 3, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28ea369243351293d7ec6552790afd6534132e6d350129d74874d2d382be65e4
Instruction ID: 1046594a46758254cd634c64fe160f72b6ece5e43931b2651743458c0bef7563
Opcode Fuzzy Hash: 28ea369243351293d7ec6552790afd6534132e6d350129d74874d2d382be65e4
Instruction Fuzzy Hash: A5413776604210AFCB01DFA8EC009ABB7E5EF94324F044669F9448B261D733DE63DBA1

Function 201ED3B0 Relevance: 4.6, APIs: 3, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cb9250d59bfd66e4170cee23965393b9521a897766226b7cda57ec32b74d231
Instruction ID: 296126310e0b9ee908a6141cf64ecf2d65ce0efe2507aa08329040b39a2b152d
Opcode Fuzzy Hash: 6cb9250d59bfd66e4170cee23965393b9521a897766226b7cda57ec32b74d231
Instruction Fuzzy Hash: 253160B0600605ABE700DFAADC81F5AB3E9FF68314F048529FA48D3751E775FA10CAA1

Function 201D55B0 Relevance: 4.6, APIs: 3, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8ed3a212184e78f7816304bd2721b1be52bc1164250747118e9ff35b89b799e
Instruction ID: f0f253c1ab541415c693bfa131a0e5dc743190d51cb93f941e05226d4bba094e
Opcode Fuzzy Hash: e8ed3a212184e78f7816304bd2721b1be52bc1164250747118e9ff35b89b799e
Instruction Fuzzy Hash: F9319AB2600301AFEB509FA9DC81B5B77E9FF94344F504829F9458B362E771EA90CB61

Function 201AE170 Relevance: 4.6, APIs: 3, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479ca2247f0d7e50a6d93ec8a72df76772147f2c835cea0b52866ecdf93b8829
Instruction ID: ac41b3e0b8c3b29b1375cbe5484c2e0a482be2aecf2b207ad00e3ac42cbdfccd
Opcode Fuzzy Hash: 479ca2247f0d7e50a6d93ec8a72df76772147f2c835cea0b52866ecdf93b8829
Instruction Fuzzy Hash: 1011DAB96002007BE6019BA48C05F9B77EEEFA4754F14081DF685D3251E732EE11CBB1

Function 20132112 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

GetEnabledXStateFeatures, xrefs: 20310C61

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: GetEnabledXStateFeatures
API String ID: 0-1068256093
Opcode ID: 66aeeb00ec089f948ad72c5130d558633821f161993c637b49228cca1ce33697
Instruction ID: 3ddd75dfd6ba2f1f87cf2b47055ab5dc11bd2adfaac47cb2200986257d78d475
Opcode Fuzzy Hash: 66aeeb00ec089f948ad72c5130d558633821f161993c637b49228cca1ce33697
Instruction Fuzzy Hash: 2FF0F631601528B7DB162FE0DC44F9E7E0AFF98764F050021FD197E224DBB98DA1AAC0

Function 20314A46 Relevance: 2.2, APIs: 1, Instructions: 658COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48bd2b7a87074260c7b368926cd194a227e7ea9c0beb2c7793df2c1c6d57ffd2
Instruction ID: 5ea2327aaa6aeb651f47eb727b8b8755175ed7acb51f1146de2bfff6c68bf56c
Opcode Fuzzy Hash: 48bd2b7a87074260c7b368926cd194a227e7ea9c0beb2c7793df2c1c6d57ffd2
Instruction Fuzzy Hash: C2C12D72900125ABDB09AFE4DC42BAEBB79FF28760F158055F905EB290E7748F81D790

Function 20168CB0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e18cd95fdf74bce5206b3624fd2c672864741560e55eb109ac5348069bb5b29d
Instruction ID: 19aeb219afa3787852cc5fad9c74632b5c31ae2a2cbc8013b2b7930c895fb0db
Opcode Fuzzy Hash: e18cd95fdf74bce5206b3624fd2c672864741560e55eb109ac5348069bb5b29d
Instruction Fuzzy Hash: A901BCB16042019BE714DFA8EC44E8A73E9FFA4254F100528F680D3762EA26DE65CB72

Function 2030FF17 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(2030FF01,00000001,2036D298,0000000C,20310A92,?), ref: 2030FF4F

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 2cc1a56f6f74f2abd191d17cee15d0088d24b40616a9d79f3b724401ad5dc5c3
Instruction ID: b81e29e48371be644d08f968184024f5751c7a68d770b74f8c133a22711612d9
Opcode Fuzzy Hash: 2cc1a56f6f74f2abd191d17cee15d0088d24b40616a9d79f3b724401ad5dc5c3
Instruction Fuzzy Hash: 03F04476A04600DFEB01DFA8D882B9C77F1FB69324F10416AF415DB6A0EB799A40DB80

Function 20168430 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875602c2f73a52c0c9a6f148e04de174215d237d3759911a04e6fd69f05410ec
Instruction ID: f1ae2a4a42476426c56b8e1b9736c40cc69a74fbff9a72c9233d32f26e43cff9
Opcode Fuzzy Hash: 875602c2f73a52c0c9a6f148e04de174215d237d3759911a04e6fd69f05410ec
Instruction Fuzzy Hash: F4B092B2408741BFEB81EF48CC01D7BB7BAFBE0210F848C4CB4A440030D33289289A12

Function 201342AF Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00004214), ref: 202D4A98

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: d7b9fa5dae02dab0796564e1b2364a769f41edf71fca7cab6f3b1aa7724be6b2
Instruction ID: 099accc5e547de1e7db27dacbe792eeb89a970da91c3b3fc6505c93be66511ae
Opcode Fuzzy Hash: d7b9fa5dae02dab0796564e1b2364a769f41edf71fca7cab6f3b1aa7724be6b2
Instruction Fuzzy Hash: 869002A55949025B9D0597D1EE5A80565246585605B910071F00D64528651C1651A636

Function 201346A6 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 2030EFF3

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 2d559ec209c0dac471534d1e9f233f1f1a63be45cd705d278992a2647320e501
Instruction ID: f04b110552bd7d58e2b03739508cd8804c3df2442cac5aa80889bbd297511463
Opcode Fuzzy Hash: 2d559ec209c0dac471534d1e9f233f1f1a63be45cd705d278992a2647320e501
Instruction Fuzzy Hash: 6DB01230606A02CF53814F764D0460D35ED7E541A03118015D001C02B0F63C44C07F12

Function 20215660 Relevance: 56.5, APIs: 26, Strings: 6, Instructions: 452
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

D$5 , xrefs: 202156A3
CREATE TABLE x(%.*s INT, xrefs: 202157CA
Auxiliary rtree columns must be last, xrefs: 202156B3, 202158B3
p$5 , xrefs: 202156AB
,%.*s, xrefs: 20215804, 20215835
_node, xrefs: 2021579E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ,%.*s$Auxiliary rtree columns must be last$CREATE TABLE x(%.*s INT$D$5 $_node$p$5
API String ID: 0-2476765371
Opcode ID: d3c81c599e574f1bf5035f36a1c3dbf709eef807afae8fb6c07128fae925c719
Instruction ID: fd76b8fea39d349c6f92c266256fd318ab3e118a8577e71b95b3055231b84352
Opcode Fuzzy Hash: d3c81c599e574f1bf5035f36a1c3dbf709eef807afae8fb6c07128fae925c719
Instruction Fuzzy Hash: CDF1F271504701DFC7119FA4CC81B5BB7ECBF58304F00056AF94A96262E77AEAA5CBA2

Function 2015CC80 Relevance: 47.7, APIs: 15, Strings: 12, Instructions: 470
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%.3f, xrefs: 2015D0BF
%03d, xrefs: 2015CF81, 2015CF8B
%02d:%02d, xrefs: 2015D080
%02d:%02d:%02d, xrefs: 2015D12E
%02d, xrefs: 2015CE2C, 2015CE34, 2015CF27, 2015CF6F, 2015CFCE, 2015CFE9, 2015D10A
%lld, xrefs: 2015D0EE
%04d, xrefs: 2015D1CE
%.16g, xrefs: 2015CFB3
%2d, xrefs: 2015CE27
u, xrefs: 2015D16D
%04d-%02d-%02d, xrefs: 2015CE82
%06.3f, xrefs: 2015CE5F

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %.16g$%.3f$%02d$%02d:%02d$%02d:%02d:%02d$%03d$%04d$%04d-%02d-%02d$%06.3f$%2d$%lld$u
API String ID: 0-1613945299
Opcode ID: c27ea43c936d375ef7502dfa8bff4f3c479161108428f41c87126d8edcff79f1
Instruction ID: f197337d98184684a181810cc1a34aea8075bd64648c107d3535b2cc35878210
Opcode Fuzzy Hash: c27ea43c936d375ef7502dfa8bff4f3c479161108428f41c87126d8edcff79f1
Instruction Fuzzy Hash: AAF1E4719087009FE7158BA4CC42FABBBEAFF95304F444A1DF9949A241E639DB488752

Function 201D9120 Relevance: 45.9, APIs: 23, Strings: 3, Instructions: 355
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,%s, xrefs: 201D9297
CREATE TABLE x(_shape, xrefs: 201D9268
_node, xrefs: 201D9202

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ,%s$CREATE TABLE x(_shape$_node
API String ID: 0-1242591684
Opcode ID: 7dec91e912b5d4845d368682b2cec0c2351e340713249e90d800bcb96f19da27
Instruction ID: 2619762f442c7020d8a4c7813fffe0512580a228ce05e7b19711d2005e281fa9
Opcode Fuzzy Hash: 7dec91e912b5d4845d368682b2cec0c2351e340713249e90d800bcb96f19da27
Instruction Fuzzy Hash: 2EC12572500700EBD7019FA4DC85F9777B8FF54308F040528F94A8676AEB3AEA95DBA1

Function 2028B050 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 251
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

BINARY, xrefs: 2028B0D3
program, xrefs: 2028B2FB
(blob), xrefs: 2028B26C
vtab:%p, xrefs: 2028B283
%c%u, xrefs: 2028B2C3
%lld, xrefs: 2028B1DA, 2028B24C
NULL, xrefs: 2028B267, 2028B324, 2028B325
,%s%s%s, xrefs: 2028B137
%.16g, xrefs: 2028B217
%s(%d), xrefs: 2028B1B3
%.18s-%s, xrefs: 2028B192
k(%d, xrefs: 2028B0A5

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %.16g$%.18s-%s$%c%u$%lld$%s(%d)$(blob)$,%s%s%s$BINARY$NULL$k(%d$program$vtab:%p
API String ID: 0-900822179
Opcode ID: 2e0ea393428e4915193ebe6688c63a406d17c8bc80adf1bb92918c48e2ecb385
Instruction ID: 64244e31b8f70dbb772b1a8c6f597203df7be2b8d01d51253f7dbe424c9c9f68
Opcode Fuzzy Hash: 2e0ea393428e4915193ebe6688c63a406d17c8bc80adf1bb92918c48e2ecb385
Instruction Fuzzy Hash: 6D91D4789083059BC706CF94CC80BAB77F5BF95304F14499EF9848F293D326D92A8BA1

Function 2014D820 Relevance: 35.2, APIs: 8, Strings: 12, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

offsets, xrefs: 2014D956
matchinfo, xrefs: 2014D970, 2014D98A
porter, xrefs: 2014D8EE
fts3, xrefs: 2014D9CA
snippet, xrefs: 2014D93C
fts3tokenize, xrefs: 2014DA27
fts4, xrefs: 2014D9F0
fts3_tokenizer, xrefs: 2014D921
simple, xrefs: 2014D8A9
unicode61, xrefs: 2014D90B
fts4aux, xrefs: 2014D840
optimize, xrefs: 2014D9A4

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 0-449611708
Opcode ID: 990a242a62e99f80d70b666e3d54d918ba4ca5d5fad4edb8a9658a8d80f31b5e
Instruction ID: 656b994c5706190f0cb388a0a92c5df40d6e0c0b39d7ddfbf0a87ceafec47de2
Opcode Fuzzy Hash: 990a242a62e99f80d70b666e3d54d918ba4ca5d5fad4edb8a9658a8d80f31b5e
Instruction Fuzzy Hash: 5B5138B0F0460167EA116BE45CC6F9B36E8BF1571CF140034FD48A7267F769EB5982A2

Function 202C7FB0 Relevance: 33.6, APIs: 14, Strings: 5, Instructions: 342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

winGetTempname4, xrefs: 202C8355
etilqs_, xrefs: 202C824C
winGetTempname5, xrefs: 202C8233
winGetTempname2, xrefs: 202C8094
winGetTempname1, xrefs: 202C817B

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 0-2933911573
Opcode ID: f1ac7dda457520eb78c355ff3c3fef66b8fe4ec9dddf64981f0d8b69a5066bd1
Instruction ID: affe4ac866ae5e8632f2febcf0f11a473b7e7ad52f06f38d989e2c4042257413
Opcode Fuzzy Hash: f1ac7dda457520eb78c355ff3c3fef66b8fe4ec9dddf64981f0d8b69a5066bd1
Instruction Fuzzy Hash: 0BA12EB16003025BD3005FA49C42BAA7BD9EF51214F494267FD889B193E26B961FD3B2

Function 20152BE0 Relevance: 31.8, APIs: 8, Strings: 10, Instructions: 346
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20152E69
WHERE name=%Q, xrefs: 20152DB7
API call with %s database connection pointer, xrefs: 20152E5A
%s at line %d of [%.10s], xrefs: 20152E78
NULL, xrefs: 20152E38
SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0), xrefs: 20152DA4
ORDER BY name, xrefs: 20152DCC
misuse, xrefs: 20152E73
unopened, xrefs: 20152E55
invalid, xrefs: 20152E4E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ORDER BY name$%s at line %d of [%.10s]$API call with %s database connection pointer$NULL$SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0)$WHERE name=%Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-1179878930
Opcode ID: f42c6aaaadcb1661b1c34cf90c85e4c051ec040039a4a73cf5bcbafea1ae9192
Instruction ID: 98b074cf6329756f2920b772554a31f6678e09d8946210801b1f5a5e28f19102
Opcode Fuzzy Hash: f42c6aaaadcb1661b1c34cf90c85e4c051ec040039a4a73cf5bcbafea1ae9192
Instruction Fuzzy Hash: 2AC133725047008BD7198FD4DC82B8B7BE4AF52354F144429FD69AF252E339EB4E87A2

Function 201CEF60 Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 192COMMON

Download Yara Rule

Strings

(W5 , xrefs: 201CEFE0
dV5 , xrefs: 201CF0F3
<V5 , xrefs: 201CEFB0
\W5 , xrefs: 201CEFE8
,origin, xrefs: 201CF0D6, 201CF0DE
U5 , xrefs: 201CEFA8

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: (W5 $,origin$<V5 $\W5 $dV5 $U5
API String ID: 0-1931786636
Opcode ID: 6ded1d5f5fb571014736fed893b8329c0aee4ceff8bb5173abc56471d254d353
Instruction ID: 28efe00218001ed10d3855e9dfe5d3e0056b8f9d48fbeab1e0f3d3f5c617f738
Opcode Fuzzy Hash: 6ded1d5f5fb571014736fed893b8329c0aee4ceff8bb5173abc56471d254d353
Instruction Fuzzy Hash: 3E719E75508700DFD7119F98CC80A5ABBF5FFA8300F14492CF98586271E736EA54DB56

Function 20255D70 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 266COMMON

Download Yara Rule

Strings

secure-delete, xrefs: 20256031
pgsz, xrefs: 20255D81
usermerge, xrefs: 20255EAD
deletemerge, xrefs: 20255F64
rank, xrefs: 20255FBB
hashsize, xrefs: 20255DF0
automerge, xrefs: 20255E59
crisismerge, xrefs: 20255EF7

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: automerge$crisismerge$deletemerge$hashsize$pgsz$rank$secure-delete$usermerge
API String ID: 0-3330941169
Opcode ID: 145a68044c3e1bb4af43b82810a7c96a2bc24d388ebcded7bbc2b9e89d2e8d68
Instruction ID: f0d004a45ff7add741212ed550cd6076f84b6294b0c7f38c52baa8b33f91751f
Opcode Fuzzy Hash: 145a68044c3e1bb4af43b82810a7c96a2bc24d388ebcded7bbc2b9e89d2e8d68
Instruction Fuzzy Hash: 28717EB6B0022157C6089FD8EC41A9F7FD4BFD5212F00047BF945C7252EB24EA2E87A6

Function 20145E20 Relevance: 26.7, APIs: 8, Strings: 7, Instructions: 496COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20145F2B, 20146253, 20146385
recursive definition for %s.%s, xrefs: 20145E4C
API called with finalized prepared statement, xrefs: 20145F1F, 20146247, 20146379
SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id', xrefs: 20145E6F
%s at line %d of [%.10s], xrefs: 20145F3A, 20146262, 20146394
misuse, xrefs: 20145F35, 2014625D, 2014638F
no such fts5 table: %s.%s, xrefs: 201462EA

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id'$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such fts5 table: %s.%s$recursive definition for %s.%s
API String ID: 0-1070437968
Opcode ID: 4a98e03637a03accfc46c42e25846adbaac5b493620c820a659b54a929598de5
Instruction ID: c777d40a34b14789af50761d03899e1bdc8ffdf1af3e91e2dd566006f8e7ee83
Opcode Fuzzy Hash: 4a98e03637a03accfc46c42e25846adbaac5b493620c820a659b54a929598de5
Instruction Fuzzy Hash: FA0200B1E04700ABD7118FA4CC85F9B77E8BF94718F040429F94997262E775EA58CBA3

Function 201B9980 Relevance: 24.9, APIs: 7, Strings: 7, Instructions: 429COMMON

Download Yara Rule

Strings

SELECT %s, xrefs: 201B99B1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201B9A35, 201B9D90
API called with NULL prepared statement, xrefs: 201B9A04
API called with finalized prepared statement, xrefs: 201B9A19, 201B9D84
%s at line %d of [%.10s], xrefs: 201B9A44, 201B9D9F
misuse, xrefs: 201B9A3F, 201B9D9A
no such function: %s, xrefs: 201B9E8C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such function: %s
API String ID: 0-3900766660
Opcode ID: 149ed0aa448d9b6a2b38334f24ee0e34bef370c8f462b5ad485ca5ca4a770e95
Instruction ID: 392fd7539e2143f2c1521643d0d5715e10707dbac22d434a009434e289cdac7e
Opcode Fuzzy Hash: 149ed0aa448d9b6a2b38334f24ee0e34bef370c8f462b5ad485ca5ca4a770e95
Instruction Fuzzy Hash: 95E106B0A047019BD710CFA5DC81B9B7BE4BF94314F14052DF9499B346E735EA4ACBA2

Function 20173800 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 184COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20173930
integer, xrefs: 2017389A
API called with finalized prepared statement, xrefs: 20173924
cannot open value of type %s, xrefs: 201738ED
null, xrefs: 201738E7
%s at line %d of [%.10s], xrefs: 2017393F
no such rowid: %lld, xrefs: 201739F8
misuse, xrefs: 2017393A
real, xrefs: 20173895, 201738EC

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$cannot open value of type %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$integer$misuse$no such rowid: %lld$null$real
API String ID: 0-1477268580
Opcode ID: 3d9c63abcb8b26930f5c4a26d0e5693dd6c853784978b1a1ac4a3a920203e327
Instruction ID: 10bc6874c8c723970977911ae9f46593653fbdf22232abeafea1abeae2c4438c
Opcode Fuzzy Hash: 3d9c63abcb8b26930f5c4a26d0e5693dd6c853784978b1a1ac4a3a920203e327
Instruction Fuzzy Hash: 0C51F3B16003009FD7109FA8CC81B56B7F4FF94308F04896DFA558B762E771EA548BA2

Function 20296230 Relevance: 23.1, APIs: 5, Strings: 8, Instructions: 374COMMON

Download Yara Rule

Strings

NULL, xrefs: 20296481
-- , xrefs: 202962B0, 202962C0
'%.*q', xrefs: 20296562
%02x, xrefs: 2029660C
zeroblob(%d), xrefs: 202965AF
%lld, xrefs: 2029649B
NULL, xrefs: 20296466
%!.15g, xrefs: 202964C2

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %!.15g$%02x$%lld$'%.*q'$-- $NULL$NULL$zeroblob(%d)
API String ID: 0-3665355275
Opcode ID: 2e737117fcb08e5690eab48cbaef46c30de2b9b3fb022154d0c4e954783c31da
Instruction ID: 51360b17e07e14fb8108cfd3ba1779954f85faf80bc8d1705e6e22785a0b2fde
Opcode Fuzzy Hash: 2e737117fcb08e5690eab48cbaef46c30de2b9b3fb022154d0c4e954783c31da
Instruction Fuzzy Hash: 9ED125718083899FD704CFA4CC89F5ABBE8BF95348F54095EF98897211D335EA64CB52

Function 2025A150 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 226COMMON

Download Yara Rule

Strings

segid, term, pgno, PRIMARY KEY(segid, term), xrefs: 2025A1FB
idx, xrefs: 2025A200
%s_data, xrefs: 2025A1BC
id INTEGER PRIMARY KEY, block BLOB, xrefs: 2025A1DF
data, xrefs: 2025A1E4

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s_data$data$id INTEGER PRIMARY KEY, block BLOB$idx$segid, term, pgno, PRIMARY KEY(segid, term)
API String ID: 0-1009905541
Opcode ID: 802aafc2e2e7d5762934fdef500151dd2f4ccb325ab085d8d38e68f9e206f2cb
Instruction ID: 651a49986b5cf3349310af9ec816ce8b8c24652ad059d06613b2999ab83dbe0f
Opcode Fuzzy Hash: 802aafc2e2e7d5762934fdef500151dd2f4ccb325ab085d8d38e68f9e206f2cb
Instruction Fuzzy Hash: EB71B071504A019BD7065FA4DC4AB173BACBF14349F000426FD06E7672EB39E9ACDB69

Function 2025F370 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 196COMMON

Download Yara Rule

Strings

config, xrefs: 2025F549
id INTEGER PRIMARY KEY, xrefs: 2025F43E
k PRIMARY KEY, v, xrefs: 2025F544
id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER, xrefs: 2025F51C
content, xrefs: 2025F49D
, c%d, xrefs: 2025F469
version, xrefs: 2025F560
id INTEGER PRIMARY KEY, sz BLOB, xrefs: 2025F524, 2025F52C
docsize, xrefs: 2025F52D

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: , c%d$config$content$docsize$id INTEGER PRIMARY KEY$id INTEGER PRIMARY KEY, sz BLOB$id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER$k PRIMARY KEY, v$version
API String ID: 0-3918257174
Opcode ID: ef428bd5d388a0f80c84593772561a5a6d7d5ed1ed94314c855dc8ae89eb4260
Instruction ID: 66f78606292a238f15196a3dbfcf204b6074673f703b6735bb4b34f1c8fb96d9
Opcode Fuzzy Hash: ef428bd5d388a0f80c84593772561a5a6d7d5ed1ed94314c855dc8ae89eb4260
Instruction Fuzzy Hash: B85144328002019BC715DFA4CC41B6B7BA8FF84365F44012AFD489B211E339EE6DCBA5

Function 2013A6C0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 195COMMON

Download Yara Rule

Strings

<polyline points=, xrefs: 2013A74B
%g,%g', xrefs: 2013A7D1
></polyline>, xrefs: 2013A845
%c%g,%g, xrefs: 2013A78E
%s, xrefs: 2013A82E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %g,%g'$ %s$%c%g,%g$<polyline points=$></polyline>
API String ID: 0-3443809342
Opcode ID: 3365b1833f35bcc5559f87af778a32e683ba1055609a2697d54b0bb447e64b6f
Instruction ID: 859dafd3826321a244f0eb7a0baf1c7260edc3a492185a2e17c52714809159eb
Opcode Fuzzy Hash: 3365b1833f35bcc5559f87af778a32e683ba1055609a2697d54b0bb447e64b6f
Instruction Fuzzy Hash: C7616A709007009BD7119FA4CC85B9677B9BF51305F404668F809AB2A1F739EF9ACBE2

Function 20278F40 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 177COMMON

Download Yara Rule

Strings

%!.20e, xrefs: 20278FF1
%lld, xrefs: 2027900C
NULL, xrefs: 2027912E
%!.15g, xrefs: 20278F83
NULL, xrefs: 20279148

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %!.15g$%!.20e$%lld$NULL$NULL
API String ID: 0-2115304644
Opcode ID: febe5a46d13a7fa29b8fe45d3bd091ae75672690d0ec751107bbdf03aa2a88b8
Instruction ID: 29f3aedeb4b9e93d01c55c7fff83148d7e52009094b5a6f466f73242abab45b5
Opcode Fuzzy Hash: febe5a46d13a7fa29b8fe45d3bd091ae75672690d0ec751107bbdf03aa2a88b8
Instruction Fuzzy Hash: 9B5149719047115BD710DF58CC42B9BB7F4FF95304F04899EF8996B222E335EA158792

Function 20143420 Relevance: 21.4, APIs: 6, Strings: 6, Instructions: 392COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20143548, 20143594
API called with NULL prepared statement, xrefs: 20143517
API called with finalized prepared statement, xrefs: 2014352C, 20143588
ATTACH x AS %Q, xrefs: 2014346F
%s at line %d of [%.10s], xrefs: 20143557, 201435A3
misuse, xrefs: 20143552, 2014359E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-2988319395
Opcode ID: 6636c71a238b54a206fa781164af4715c2d1c1d0159072c008ce87bf56168785
Instruction ID: 47a7eec402c31c6fdb968034fe60451bc4fa1d8bf223d6633269df2f12b7373d
Opcode Fuzzy Hash: 6636c71a238b54a206fa781164af4715c2d1c1d0159072c008ce87bf56168785
Instruction Fuzzy Hash: 1AD1E3B0D047019BD7018FA4EC85B9B77E8BF54319F04452CF9599A272E739EB84CBA2

Function 20214B10 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 156COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20214C2A
API called with finalized prepared statement, xrefs: 20214C1E
%s at line %d of [%.10s], xrefs: 20214C39
UNIQUE constraint failed: %s.%s, xrefs: 20214BC9
SELECT * FROM %Q.%Q, xrefs: 20214B25
rtree constraint failed: %s.(%s<=%s), xrefs: 20214BF9
misuse, xrefs: 20214C34

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT * FROM %Q.%Q$UNIQUE constraint failed: %s.%s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$rtree constraint failed: %s.(%s<=%s)
API String ID: 0-2013246442
Opcode ID: f7528ae8a82b03d451053b60a3f01b9bfe65ad26c909882ecc2c6a892d99e2a6
Instruction ID: 6180e67127828f573a80d2460f3f4a4bffe88ada238db4d5c1437f852c772c27
Opcode Fuzzy Hash: f7528ae8a82b03d451053b60a3f01b9bfe65ad26c909882ecc2c6a892d99e2a6
Instruction Fuzzy Hash: BF416971905601AFE3014FE58C81F9B77ECFF60208F00052BFD0896262EB25AAA496F6

Function 202C7C10 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 150COMMON

Download Yara Rule

Strings

winFullPathname2, xrefs: 202C7D35
%s%c%s, xrefs: 202C7C7A
winFullPathname1, xrefs: 202C7CC9

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s%c%s$winFullPathname1$winFullPathname2
API String ID: 0-2846052723
Opcode ID: 952301f435a7d19d0596dc5270d78225c0f964aeff59ce2f8a4bc0b6d2b8cae8
Instruction ID: 3c64af93169ae9154510b70c1afe8d149e5c4fddcf4b8f9adbfbbfd9f82cc446
Opcode Fuzzy Hash: 952301f435a7d19d0596dc5270d78225c0f964aeff59ce2f8a4bc0b6d2b8cae8
Instruction Fuzzy Hash: 3441BDB1A043422BE3116FF0FC42F3B3BEDAF51214F06026FF58A59042D7669B56C2A2

Function 20214920 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 132COMMON

Download Yara Rule

Strings

SELECT * FROM %Q.'%q_rowid', xrefs: 2021496D
_parent, xrefs: 20214A6D
Schema corrupt or not an rtree, xrefs: 202149DC
SELECT * FROM %Q.%Q, xrefs: 202149AA
_rowid, xrefs: 20214A57

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: SELECT * FROM %Q.%Q$SELECT * FROM %Q.'%q_rowid'$Schema corrupt or not an rtree$_parent$_rowid
API String ID: 0-2087119806
Opcode ID: b4749594644ef763ce3c6c0658e86f155083bf56aeec319f0f82632d20b34e1e
Instruction ID: dceadec8dbaec35ff7adc68c3d9da681dd688755dfba26e7407ecb2d8e6ff6d5
Opcode Fuzzy Hash: b4749594644ef763ce3c6c0658e86f155083bf56aeec319f0f82632d20b34e1e
Instruction Fuzzy Hash: 2841E2B1914341ABC704DFE4DD81E6FB7E9BFE9604F411A2EF489E2111E270E9948B93

Function 202BAAD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 130COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 202BAB0B, 202BAB4C, 202BABA0
bind on a busy prepared statement: [%s], xrefs: 202BAB94
API called with NULL prepared statement, xrefs: 202BAAD9
API called with finalized prepared statement, xrefs: 202BAAEF
%s at line %d of [%.10s], xrefs: 202BAB1A, 202BAB5B, 202BABAF
misuse, xrefs: 202BAB15, 202BAB56, 202BABAA

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3679126755
Opcode ID: 6a5e5f29911f7dc9cbcfbbf87f4dd37a70218370020f0077e5ff3c75cd9e113c
Instruction ID: 3c8f2038b7336d7994d1df4bf3efa58b5f5fe651da0c5994534e4a158753acc6
Opcode Fuzzy Hash: 6a5e5f29911f7dc9cbcfbbf87f4dd37a70218370020f0077e5ff3c75cd9e113c
Instruction Fuzzy Hash: A8410070600A019BE7108FE8DC82FC67BE4BF64348F04042AFA699B295E775E9A4C791

Function 2025ECF0 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 335COMMON

Download Yara Rule

Strings

content, xrefs: 2025EFDF
docsize, xrefs: 2025F020

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: content$docsize
API String ID: 0-1024698521
Opcode ID: cd47e3ed93d384dddce44a2df2144e96834f5405164eae19358b52c92415a395
Instruction ID: f9dab77fa57a2a9cefd3920d55bbd16bb523bf72898541e5ac5171fadb233991
Opcode Fuzzy Hash: cd47e3ed93d384dddce44a2df2144e96834f5405164eae19358b52c92415a395
Instruction Fuzzy Hash: 7DC10171904302ABC759CF90CCC1B6BBBE4EF94350F04052AFD4497252E775EEA98B9A

Function 201E5470 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 225COMMON

Download Yara Rule

Strings

JSON cannot hold BLOB values, xrefs: 201E5697
%!0.15g, xrefs: 201E54D2
%lld, xrefs: 201E550D

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %!0.15g$%lld$JSON cannot hold BLOB values
API String ID: 0-1047910854
Opcode ID: 89fe6d74880115ea1c0aedd8e6dcb09f517df85810c3c213fa1f97c118ba2a00
Instruction ID: 9134925f7ec2b195b8ef9fd540f0d0cbbd962967aa658433dc25f83b0728d64f
Opcode Fuzzy Hash: 89fe6d74880115ea1c0aedd8e6dcb09f517df85810c3c213fa1f97c118ba2a00
Instruction Fuzzy Hash: 9651C172500A006AE3105FD9DC42FFF77A6DFA2324F14025DFA49462C2EB67975542A1

Function 20162B70 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 183COMMON

Download Yara Rule

Strings

%c"%s", xrefs: 20162C1B
,schema HIDDEN, xrefs: 20162CD2
("%s", xrefs: 20162C4A
ABLE x, xrefs: 20162BB6
,arg HIDDEN, xrefs: 20162C7A

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %c"%s"$("%s"$,arg HIDDEN$,schema HIDDEN$ABLE x
API String ID: 0-1763475469
Opcode ID: 1342fabf9275752e2e90b7b45b85a1bcd5779711dbedf2dee2745da165533f0b
Instruction ID: 5f4dcbf128fcc6e78890cbc02c9308957b2a79b63752f16d9f28a99ff1c4e7b0
Opcode Fuzzy Hash: 1342fabf9275752e2e90b7b45b85a1bcd5779711dbedf2dee2745da165533f0b
Instruction Fuzzy Hash: FA7192708087819BD314CFA4C850B9BBBE4FF99304F008A5EF8889B251E775D659CB92

Function 201DAA40 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 334COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201DAAB8, 201DAD82
API called with NULL prepared statement, xrefs: 201DAA87
API called with finalized prepared statement, xrefs: 201DAA9C, 201DAD76
%s at line %d of [%.10s], xrefs: 201DAAC7, 201DAD91
misuse, xrefs: 201DAAC2, 201DAD8C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 2b48dbbb82542340edee3a97d8856ca8a072ae92ce75a5543e84976fbc1a87a5
Instruction ID: 981f0d5e3ba6e36124e9b071907684b9671b730e054218aea7f7eeb427436fef
Opcode Fuzzy Hash: 2b48dbbb82542340edee3a97d8856ca8a072ae92ce75a5543e84976fbc1a87a5
Instruction Fuzzy Hash: 33B114B2A007009BE710CFE49C41B9777E9AF50319F440529E9968B3C2E779EB558BA2

Function 2015A170 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 286COMMON

Download Yara Rule

Strings

malformed JSON, xrefs: 2015A283
JSON path error near '%q', xrefs: 2015A3D7

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: JSON path error near '%q'$malformed JSON
API String ID: 0-560895927
Opcode ID: ed7f3aa9b539009e84f2ec956cf3d369110f74455de3f992bc6aac3eb221305d
Instruction ID: c5278cef7b37f01f7a409cc5c4aa2547e435fe92b1afcc2d9307fafb75275654
Opcode Fuzzy Hash: ed7f3aa9b539009e84f2ec956cf3d369110f74455de3f992bc6aac3eb221305d
Instruction Fuzzy Hash: 73A119B15403008BD714CFA4D846BA6BFE5EF90304F58452DE5998F282E776EB4ECB91

Function 20163D20 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 223COMMON

Download Yara Rule

Strings

%Q., xrefs: 20163E11
=%Q, xrefs: 20163E7F
PRAGMA , xrefs: 20163DC5

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %Q.$=%Q$PRAGMA
API String ID: 0-2099833060
Opcode ID: d1314ac6ef00200df8d6442302ffbca4e1dd2b79ebd8ca32095655b2c5ec3071
Instruction ID: b8ad15b561cc5f4547f2beb986189c3a6c32e66fa049d084fbb5bccfbc080353
Opcode Fuzzy Hash: d1314ac6ef00200df8d6442302ffbca4e1dd2b79ebd8ca32095655b2c5ec3071
Instruction Fuzzy Hash: 39712571A043009BD700DFA8CC81B9BB7E8BF54304F04056DF9559B252E73AEB69CBA2

Function 2014B980 Relevance: 16.7, APIs: 11, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8334dd2a0bec889a588022a030f2286042b7098d29febf57d24d0e4849e34879
Instruction ID: 30030af42e0ff46cacdd703240a6bf7c128d1e16f6e58375c2e40f58fa88e49f
Opcode Fuzzy Hash: 8334dd2a0bec889a588022a030f2286042b7098d29febf57d24d0e4849e34879
Instruction Fuzzy Hash: DD813379C083418BD7118FA488C27AABBF0EF51204F5409ADF9945B23AD735DF96C792

Function 2018F600 Relevance: 16.7, APIs: 11, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
Instruction ID: d303b37836c94204082300519ff71b801844dad3c320a3cdc28e8bba2f1a8bda
Opcode Fuzzy Hash: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
Instruction Fuzzy Hash: 9751FE72A04301AFE700DF94DC82BAFB3E8EFA4314F40052DF94497241E725AF598BA2

Function 201B1940 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 345COMMON

Download Yara Rule

Strings

block, xrefs: 201B1A90
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201B1B17
%s at line %d of [%.10s], xrefs: 201B1B26
misuse, xrefs: 201B1B21

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$block$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-4016964285
Opcode ID: e14640292c4da4e9fc0bd10ad1a89f900e83744d69ebb5ff816f8273e55c8cd6
Instruction ID: 11a3135d4e25d0c169b621fb14195c46c3f7e43d84f0c15427b2448290f5728e
Opcode Fuzzy Hash: e14640292c4da4e9fc0bd10ad1a89f900e83744d69ebb5ff816f8273e55c8cd6
Instruction Fuzzy Hash: 4BC1D1B1904240DFDB11CFA4CC84A9A7BA8FF44314F864569FD099B222E735EF54CBA2

Function 2015FED0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 257COMMON

Download Yara Rule

Strings

%llu, xrefs: 2015FF3C
abort due to ROLLBACK, xrefs: 20160068
%llu, xrefs: 2015FFF7
unknown error, xrefs: 2016003E
another row available, xrefs: 20160076, 20160081
no more rows available, xrefs: 2016006F

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %llu$%llu$abort due to ROLLBACK$another row available$no more rows available$unknown error
API String ID: 0-1539118790
Opcode ID: ab4edb5b07a34e38c07f00066cff212cad35ce4fe523748aa72f220f533abda4
Instruction ID: 198e77f131e82adc393ff30c694f0b830a5f51fcec186d07480462f50179aa2b
Opcode Fuzzy Hash: ab4edb5b07a34e38c07f00066cff212cad35ce4fe523748aa72f220f533abda4
Instruction Fuzzy Hash: 169111316042009BC705DF98CC84BABB7E1FB89358F04056EF9599B3A1D73AEA56CB52

Function 202670B0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 227COMMON

Download Yara Rule

Strings

orphan index, xrefs: 202672C2
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2026720D
API called with finalized prepared statement, xrefs: 20267201
%s at line %d of [%.10s], xrefs: 2026721C
misuse, xrefs: 20267217
invalid rootpage, xrefs: 2026715C, 2026730E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid rootpage$misuse$orphan index
API String ID: 0-165706444
Opcode ID: 9e70c04ce86af433eb2f1f7bc4f80f98e17a74224c21221f6503516a1c30a63e
Instruction ID: b5b77c7e804ebeed668132994d84e5234bdb32d375d6eb179a8cfc2a4816b9a8
Opcode Fuzzy Hash: 9e70c04ce86af433eb2f1f7bc4f80f98e17a74224c21221f6503516a1c30a63e
Instruction Fuzzy Hash: 16616AB1A043416BD7215FE0BC81F5777E8AFA1219F1444ABFD148A253E721EAF4C7A2

Function 20153A50 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 172COMMON

Download Yara Rule

Strings

no such schema, xrefs: 20153BEA
read-only, xrefs: 20153A71
cannot insert, xrefs: 20153BF1, 20153C52
cannot delete, xrefs: 20153A82
bad page value, xrefs: 20153BDC
bad page number, xrefs: 20153BE3

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: bad page number$bad page value$cannot delete$cannot insert$no such schema$read-only
API String ID: 0-1499782803
Opcode ID: d4589b39cdcec60e6cd62641f3ef2d5c52f6c1f5ea556e7805741469ac869a6f
Instruction ID: 1b6de1c1bed81af9246ff3106ca6088917fec2c1f64cd84d8b81a15e1496b745
Opcode Fuzzy Hash: d4589b39cdcec60e6cd62641f3ef2d5c52f6c1f5ea556e7805741469ac869a6f
Instruction Fuzzy Hash: EF511571A042008FD711CB94CCC5F967FA8AB50214F14446AF9699F222E73AEF9DDB62

Function 20169100 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 161COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2016913E
API called with NULL prepared statement, xrefs: 2016910D
API called with finalized prepared statement, xrefs: 20169122
%s at line %d of [%.10s], xrefs: 2016914D
misuse, xrefs: 20169148

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 925aa065835903d03a8aac39e806e44509201f29cc6c160113e4ab1b6e6b96a9
Instruction ID: fb50d4316397345362489a101abdc7fd8d41ac6ff709a09c627d11d415df1f17
Opcode Fuzzy Hash: 925aa065835903d03a8aac39e806e44509201f29cc6c160113e4ab1b6e6b96a9
Instruction Fuzzy Hash: 31419AB1904702ABD7084FF48C46BD737DCAB96324F24043CF5458B34AE639EB2987A1

Function 20278340 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 145COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2027837D
API call with %s database connection pointer, xrefs: 2027836E
%s at line %d of [%.10s], xrefs: 2027838C
NULL, xrefs: 20278369
misuse, xrefs: 20278387
unopened, xrefs: 202783BD
invalid, xrefs: 202783B6

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-538076154
Opcode ID: eb30b70eea2f636f61a4ccc45a3329d0987776d94d8f127a60d8da7396ea4b96
Instruction ID: a90e23575b316dccc9ecee325df4e70ca851dec12f13d15e2a61d6a77b4557b3
Opcode Fuzzy Hash: eb30b70eea2f636f61a4ccc45a3329d0987776d94d8f127a60d8da7396ea4b96
Instruction Fuzzy Hash: 0E41A7705843036BD7008FA88C85FBB7BB9BF81A04F48809EF9445B662E371D82487A2

Function 2026B0E0 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 117COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2026B108
API call with %s database connection pointer, xrefs: 2026B0F9
%s at line %d of [%.10s], xrefs: 2026B117
NULL, xrefs: 2026B0F4
misuse, xrefs: 2026B112
unopened, xrefs: 2026B145
invalid, xrefs: 2026B13E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-538076154
Opcode ID: 8cec99b9c2298aed23e89d833a448c567de6eafc5f457ed90057e83d83687d81
Instruction ID: d36564225c5000ffa95c408cb00ae909a559879267ce5d5fb79d2bbc057be3fc
Opcode Fuzzy Hash: 8cec99b9c2298aed23e89d833a448c567de6eafc5f457ed90057e83d83687d81
Instruction Fuzzy Hash: 64319771904705BBD7130ED44C50B8B7BF9AF46228F00056BFAA866202E775EBF58792

Function 20166F30 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 83COMMON

Download Yara Rule

Strings

bad parameter or other API misuse, xrefs: 20166F7E
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20166F60
API call with %s database connection pointer, xrefs: 20166F54
out of memory, xrefs: 20166F39, 20166FA0
%s at line %d of [%.10s], xrefs: 20166F6F
misuse, xrefs: 20166F6A
invalid, xrefs: 20166F4F

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$bad parameter or other API misuse$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$out of memory
API String ID: 0-2911740470
Opcode ID: 4ba4d0668c00ca4d56dd763e3fbadf8d1f76caef3951fd7e5c1a4c24745b5b12
Instruction ID: b2a61768c6778fd7c95d8274e172d9afdb0a0ffe9dee6dd0e1253751bff5f99f
Opcode Fuzzy Hash: 4ba4d0668c00ca4d56dd763e3fbadf8d1f76caef3951fd7e5c1a4c24745b5b12
Instruction Fuzzy Hash: 43217971604B5097DB2147D8BCA1FCB23A26BC0318F2944EDF1565A206D636FFA6A291

Function 201506F0 Relevance: 15.2, APIs: 10, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a729a889a8754726e11b44da989c536c0623fc7b960265fb7f7f885d9e927cdc
Instruction ID: 97a3c5f42ad9a7a6e132f0371d2bdc6cae6198b0dc0d41258ae0e112376425f7
Opcode Fuzzy Hash: a729a889a8754726e11b44da989c536c0623fc7b960265fb7f7f885d9e927cdc
Instruction Fuzzy Hash: 8C7102B59003018BDB15DFD4C882B9A7BE4AF98204F14056DEDA59F206E336EB5DCB91

Function 20216380 Relevance: 15.1, APIs: 10, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf50b62b9927aa83c57909ea1ea8ba8a91bb5fc08327f93968e6ab1389f129d
Instruction ID: b68dd637816d85aa68e9ba2c7303c834d91f8cfa3a450c01db556ca2e78e4e06
Opcode Fuzzy Hash: cdf50b62b9927aa83c57909ea1ea8ba8a91bb5fc08327f93968e6ab1389f129d
Instruction Fuzzy Hash: 42418070404A01DBC7225FA4EC49B1BB7FDBF10619F000429F90692632EB39F9E4EB61

Function 2018F4B0 Relevance: 15.1, APIs: 10, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
Instruction ID: 14c8cdd0c0f880a523df5faa3ed3c6df145c759a2a56e9812fb639095c2a6921
Opcode Fuzzy Hash: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
Instruction Fuzzy Hash: 5E21AEB690025176F346ABA09C02FAF729C9F71316F89445DFE18A2181F724DB498AA3

Function 2014E170 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 445COMMON

Download Yara Rule

Strings

fts5vocab, xrefs: 201C1340
unable to delete/modify user-function due to active statements, xrefs: 201C13BF, 201C14B8
fts5_source_id, xrefs: 201C148D, 201C14E0
snippet, xrefs: 201C1200
fts5, xrefs: 201C1053, 201C1395, 201C13E7
5 , xrefs: 201C1281, 201C130F
5 , xrefs: 201C12BF

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: fts5$fts5_source_id$fts5vocab$snippet$unable to delete/modify user-function due to active statements$5 $5
API String ID: 0-31552780
Opcode ID: c2975328ec3ed21f2ec72b9f6ee03a6e94a240844c3620948f44dad03a5d449b
Instruction ID: 34fd219c11e7b828a9345d9e5f04c7daa0ffa350d883989140d132698bc934ea
Opcode Fuzzy Hash: c2975328ec3ed21f2ec72b9f6ee03a6e94a240844c3620948f44dad03a5d449b
Instruction Fuzzy Hash: D7F1E2B0544700ABD7158FA4CC85B5B7BE8BF76348F000528F90596762E779EB94CBA3

Function 2024FB30 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 324COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2024FB96
API called with NULL prepared statement, xrefs: 2024FB65
API called with finalized prepared statement, xrefs: 2024FB7A
%s at line %d of [%.10s], xrefs: 2024FBA5
misuse, xrefs: 2024FBA0

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 6505beb1265e3fbaa30bb769526d6006c95bc5503593ce290d1a3995afe7c7e3
Instruction ID: d1b50fe9f9d6c44d8c25b2e5f2888a407319a403454f618bacbc58de694f9531
Opcode Fuzzy Hash: 6505beb1265e3fbaa30bb769526d6006c95bc5503593ce290d1a3995afe7c7e3
Instruction Fuzzy Hash: E8B102B0E047018FD754CFA4DC45B1777E4BF94309F00092EE98A87252E77AE9698BA2

Function 201C1710 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 235COMMON

Download Yara Rule

Strings

%z, %Q HIDDEN, %s HIDDEN), xrefs: 201C1831
rank, xrefs: 201C1824
%z%s%Q, xrefs: 201C180D
CREATE TABLE x(, xrefs: 201C17D9

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %z%s%Q$%z, %Q HIDDEN, %s HIDDEN)$CREATE TABLE x($rank
API String ID: 0-3324442540
Opcode ID: 8f58776d180efabd6ec8e9609f467d118b61b5b01bf26f3450d3bee7a064dd1b
Instruction ID: 9bbb1e658865ee27bb9e0a19ad5b4b9a18c482d19d597bd8c4511b06aecdac15
Opcode Fuzzy Hash: 8f58776d180efabd6ec8e9609f467d118b61b5b01bf26f3450d3bee7a064dd1b
Instruction Fuzzy Hash: 5181E371944200AFDB018FA4DC41F9AB7E8FF65259F040629FC45A7231E735DE64DBA2

Function 2018E320 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 177COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2018E376
API called with finalized prepared statement, xrefs: 2018E36A
%s at line %d of [%.10s], xrefs: 2018E385
misuse, xrefs: 2018E380

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3620335220
Opcode ID: 191bba3cfa6ed6f2e195e12e346861461700363d674b6147a7ed3495af6bef7e
Instruction ID: 4549a2d5636d087d632974c81c88930d11846b8fd8b7f5bef264f96dfecc3e3f
Opcode Fuzzy Hash: 191bba3cfa6ed6f2e195e12e346861461700363d674b6147a7ed3495af6bef7e
Instruction Fuzzy Hash: 9A514371904A00EBF7029FA4DC49B9A37A8BF14359F044025FD0996271E739EB95DFA2

Function 202374A0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 175COMMON

Download Yara Rule

Strings

unable to close due to unfinalized statements or unfinished backups, xrefs: 202375D1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 202374CD
API call with %s database connection pointer, xrefs: 202374C1
%s at line %d of [%.10s], xrefs: 202374DC
misuse, xrefs: 202374D7
invalid, xrefs: 202374BC

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 0-3800776574
Opcode ID: 903b58798b61cd721f3d7ca5807a90166be8ad7b65a326db6d1f20783f3d0c98
Instruction ID: bc0ccce416108b7756aa587f9d74189c18e1ca4ec303a38655f67b4223627a00
Opcode Fuzzy Hash: 903b58798b61cd721f3d7ca5807a90166be8ad7b65a326db6d1f20783f3d0c98
Instruction Fuzzy Hash: 33514BB1504F02ABDB218FB4AC45F5777A9BF40314F54001AFD5993221F734FAA5CAA2

Function 201DBCF0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 103COMMON

Download Yara Rule

Strings

PRAGMA %Q.page_size, xrefs: 201DBD03
SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1, xrefs: 201DBD67
undersize RTree blobs in "%q_node", xrefs: 201DBDA1

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: PRAGMA %Q.page_size$SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1$undersize RTree blobs in "%q_node"
API String ID: 0-3485589083
Opcode ID: 98ba46e452e66107163cf9795651eaf29793442c4520811eb05b19417edbe550
Instruction ID: 3c529e8bbcc2eaf2180bdfd58af70106bc4a36f041737cdfd684af7111cf754b
Opcode Fuzzy Hash: 98ba46e452e66107163cf9795651eaf29793442c4520811eb05b19417edbe550
Instruction Fuzzy Hash: 3431D472904A01EFD3018BE4CCC0B9A77BDFB54259F000625F90696721E739EB94DBA1

Function 202332F0 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 464COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 202336B8, 202336FD, 2023375D, 2023380E
%s at line %d of [%.10s], xrefs: 202336C7, 2023370C, 2023376C, 2023381D
database corruption, xrefs: 202336C2, 20233707, 20233767, 20233818

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: bbc696970a66b69bbdb8ed9e3a5aa51ea4d6d6acd396b3b889f71c3d4f18e07d
Instruction ID: 66e7cb5bd8ebe1c4222c0c7ca544e5e6f495eb1e8923ce2718758fec116d6d79
Opcode Fuzzy Hash: bbc696970a66b69bbdb8ed9e3a5aa51ea4d6d6acd396b3b889f71c3d4f18e07d
Instruction Fuzzy Hash: 6DF146B06047429FD300DF69CDC0BA6BBE4FF84214F44419AE944CB662E335EAA5CBE1

Function 2015E420 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 380COMMON

Download Yara Rule

Strings

%c%04d-%02d-%02d %02d:%02d:%06.3f, xrefs: 2015E717
abort due to ROLLBACK, xrefs: 2015E795
unknown error, xrefs: 2015E76B
another row available, xrefs: 2015E7A3, 2015E7AE
d, xrefs: 2015E71D
no more rows available, xrefs: 2015E79C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %c%04d-%02d-%02d %02d:%02d:%06.3f$abort due to ROLLBACK$another row available$d$no more rows available$unknown error
API String ID: 0-322231948
Opcode ID: 6a4fedb0f2ff8debd39600e9126fc9f1f65b9e7275311409e23a464cc9fe3c55
Instruction ID: e27dd92705a333006e00f407d2604a07fa3b56825647a30aaa2b9fe31ad52c15
Opcode Fuzzy Hash: 6a4fedb0f2ff8debd39600e9126fc9f1f65b9e7275311409e23a464cc9fe3c55
Instruction Fuzzy Hash: 81E1D0719083409FD708CFA4C8C4B9BBBE5BF88304F50492DF9959B251E376EA49CB92

Function 201628E5 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 346COMMON

Download Yara Rule

Strings

INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 201629F1
malformed inverted index for FTS5 table %s.%s, xrefs: 20162A8A
unable to validate the inverted index for FTS5 table %s.%s: %s, xrefs: 20162AA0

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS5 table %s.%s$unable to validate the inverted index for FTS5 table %s.%s: %s
API String ID: 0-3572959941
Opcode ID: 9f2aa67ca9b7387ea4aed92d5c1fe397cad7b54031b00ba531750d7ad7f3845b
Instruction ID: d0f076e2cc0521addbff95161ba18ea5f74c6217763177a68cf571bec62ff556
Opcode Fuzzy Hash: 9f2aa67ca9b7387ea4aed92d5c1fe397cad7b54031b00ba531750d7ad7f3845b
Instruction Fuzzy Hash: 58413572905A00AFD3118FA8DC48FEB77ACFF44259F000429F94582631EB3997A4DBB6

Function 201800A0 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 334COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20180104, 2018025C, 20180407, 20180432
%s at line %d of [%.10s], xrefs: 20180113, 2018026B, 20180416, 20180441
database corruption, xrefs: 2018010E, 20180266, 20180411, 2018043C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: ca99fd9a592691e56d0c4b4b2fd4040a5b8034e10104c3c4559ecbd84093c9be
Instruction ID: 0228e8586baf7d3a39753c3f2575bb0b3a6ef03c7ab000c0195246da7ebc81d0
Opcode Fuzzy Hash: ca99fd9a592691e56d0c4b4b2fd4040a5b8034e10104c3c4559ecbd84093c9be
Instruction Fuzzy Hash: 58B12A71A083545FC345CF59C8C1AAAFBE0FF94215F4846AEF5849B242D236E749CFA2

Function 2018CEA0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 286COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2018CF48, 2018CF78, 2018D098, 2018D121
%s at line %d of [%.10s], xrefs: 2018CF57, 2018CF87, 2018D0A7, 2018D130
database corruption, xrefs: 2018CF52, 2018CF82, 2018D0A2, 2018D12B

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: a07ee9cd1cb5872f734d8cf58774c06d3f206a4289f75699d86e5f0a763098cf
Instruction ID: 0fdb22f0b2f50b82743c2e2a62ea0805c6abcecda7d444891970d2922839325a
Opcode Fuzzy Hash: a07ee9cd1cb5872f734d8cf58774c06d3f206a4289f75699d86e5f0a763098cf
Instruction Fuzzy Hash: D3914A316083915BD304EF6998919FABFD0EF95215F8441BFF9D487242D12ADB0DCBA2

Function 20149700 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

(FK), xrefs: 201498D3

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: (FK)
API String ID: 0-1642768157
Opcode ID: 947fc6d892047bc31f3b1d4fb01e5b6937eab02230dae8ec4a7444f1dc59f7fc
Instruction ID: 670cd99dac7f90ea95750fce0b1e74301ea8789ce95bb8759716d025c5365b72
Opcode Fuzzy Hash: 947fc6d892047bc31f3b1d4fb01e5b6937eab02230dae8ec4a7444f1dc59f7fc
Instruction Fuzzy Hash: 5A81B7777152009FE7109F98EC40B56F3A1FB85236F2047AEF649876A1E732EA11DB50

Function 202C8D80 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 271COMMON

Download Yara Rule

Strings

readonly_shm, xrefs: 202C8F52
winOpenShm, xrefs: 202C8FB9
%s-shm, xrefs: 202C8DF2

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s-shm$readonly_shm$winOpenShm
API String ID: 0-2815843928
Opcode ID: fd3cce228da07bfca60d4266e6c1be635f60e56469fd696f4dfffab64ee1c127
Instruction ID: 421d76f4001c6a899a3112cdf67ff8e4c5eb49509064beadacf7228270de5276
Opcode Fuzzy Hash: fd3cce228da07bfca60d4266e6c1be635f60e56469fd696f4dfffab64ee1c127
Instruction Fuzzy Hash: B59103B0904B029BD7119FA4CC45B2777ACFF00305F05462AFD4597A62F739E9A4DBA2

Function 2015EB00 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 187COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2015ECCB
%s at line %d of [%.10s], xrefs: 2015ECDA
%.*s%s, xrefs: 2015EC88
database corruption, xrefs: 2015ECD5

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %.*s%s$%s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-894757972
Opcode ID: dbdf799ffb7799c19b462341202af0bbbd886b7524064fbed247a1263dfcc60b
Instruction ID: 54f1b9a6cbfbc7723e70d11be4e34a6c8899cf046f946af2250f813600eb2873
Opcode Fuzzy Hash: dbdf799ffb7799c19b462341202af0bbbd886b7524064fbed247a1263dfcc60b
Instruction Fuzzy Hash: C761C071A043018BD718CFA4C8C1A9BBBE2AF88314F14496DF8699F351E735EE49CB91

Function 201E9030 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 169COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201E904F, 201E9182, 201E91B9, 201E91E4
%s at line %d of [%.10s], xrefs: 201E905E, 201E9191, 201E91C8, 201E91F3
database corruption, xrefs: 201E9059, 201E918C, 201E91C3, 201E91EE

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 9a4aa6b6cc06f13b54475b00926ba6fef7ecb77522ee1cb8cfa8440dcb01ab2c
Instruction ID: ee0f6a6b7c4b5197e4363a136d2739ff6dc56cfa4714474a9d0fd78ef2e01ef1
Opcode Fuzzy Hash: 9a4aa6b6cc06f13b54475b00926ba6fef7ecb77522ee1cb8cfa8440dcb01ab2c
Instruction Fuzzy Hash: 0A512871704740ABC300EB9AC884FEBB7E0FB88225F944869F54DC7756D336EA858B61

Function 20151120 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 169COMMON

Download Yara Rule

Strings

XD7 , xrefs: 20151253
main, xrefs: 201511A6
rbu_memory, xrefs: 201511F5

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: XD7 $main$rbu_memory
API String ID: 0-2805983604
Opcode ID: a2462c473db63f5f90b2ec0311cffc900e2dee767682a4eb18fac614a3e27be3
Instruction ID: 042266fe6d1daf96c11191a4c9133878420e5fcbbe8e8475e667234420fd630a
Opcode Fuzzy Hash: a2462c473db63f5f90b2ec0311cffc900e2dee767682a4eb18fac614a3e27be3
Instruction Fuzzy Hash: DE51E2716047019FD7028FE6DC80B9ABBE8FF54314F104469FA25DB621EB35EA49CB61

Function 20139DA0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

[%!g,%!g],, xrefs: 20139E7E
[%!g,%!g]], xrefs: 20139EC0

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: [%!g,%!g],$[%!g,%!g]]
API String ID: 0-3388633204
Opcode ID: 54508e8e191c3db793247829b457961faab4e3aa8088ad7ae857dbfc41390821
Instruction ID: 1e3c7d6d185d95e0c28d974981cbee1440978eaf9b25a44adc6f2839c597df23
Opcode Fuzzy Hash: 54508e8e191c3db793247829b457961faab4e3aa8088ad7ae857dbfc41390821
Instruction Fuzzy Hash: 93513670904B048BD701DFA9CCC1B57BBB8BF56304F004629FC499B265F775AA89CBA2

Function 2015F330 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 126COMMON

Download Yara Rule

Strings

INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 2015F33F
malformed inverted index for FTS%d table %s.%s, xrefs: 2015F3F3
unable to validate the inverted index for FTS%d table %s.%s: %s, xrefs: 2015F418

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS%d table %s.%s$unable to validate the inverted index for FTS%d table %s.%s: %s
API String ID: 0-2809892521
Opcode ID: 58d9364ec699d8ef86c85ae80d66e503db786c93cd1e381af47823baa60b15b1
Instruction ID: df9a1f710bd712b8d6294544fdf8cea161148254f3b669cab317bb8e5b8acffb
Opcode Fuzzy Hash: 58d9364ec699d8ef86c85ae80d66e503db786c93cd1e381af47823baa60b15b1
Instruction Fuzzy Hash: 3141F071909601DFE7019BA4DC48FAB3BACFF44255F04042DF901CA171E7399699EBB2

Function 20166E30 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 30COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20166E58
API call with %s database connection pointer, xrefs: 20166E4C
%s at line %d of [%.10s], xrefs: 20166E67
misuse, xrefs: 20166E62
invalid, xrefs: 20166E47

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
API String ID: 0-3670841456
Opcode ID: 075fe81584d1fa061c2f5aee2e04d6f57be7d727e3cabef8d700b982fc8b40ff
Instruction ID: 3e701c70c9eed6316884208d7a5423a6358eda6bd91ad217ec1182f55403e807
Opcode Fuzzy Hash: 075fe81584d1fa061c2f5aee2e04d6f57be7d727e3cabef8d700b982fc8b40ff
Instruction Fuzzy Hash: E9F0E528B44544ABEB04D3C5CCC2FEA3F963B94B0EF84009CF7605E19AC21B9E539681

Function 20166EB0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 29COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20166EDB
API call with %s database connection pointer, xrefs: 20166ECF
%s at line %d of [%.10s], xrefs: 20166EEA
misuse, xrefs: 20166EE5
invalid, xrefs: 20166ECA

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
API String ID: 0-3670841456
Opcode ID: 6a34e699654f889377f56f728759c9ca821653aa60dbb0a22d128b5a66a78580
Instruction ID: 2a913b7097542fc3a9ff2b465da3358465aab7277c4ac3e9485714efbfe68a2f
Opcode Fuzzy Hash: 6a34e699654f889377f56f728759c9ca821653aa60dbb0a22d128b5a66a78580
Instruction Fuzzy Hash: 47F0E520B04944AFEB1082D5DCF2FD72AC62790706F8000E4F3109E1E6E529AE609240

Function 201530F0 Relevance: 12.2, APIs: 8, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0efb03e3201205445761f5a419252396fe216bfa041ab47eddf540921f590f14
Instruction ID: 46142ede57a449ee828a2c28643dc776a1601ce0abf337bdc4cc75499a1c61a1
Opcode Fuzzy Hash: 0efb03e3201205445761f5a419252396fe216bfa041ab47eddf540921f590f14
Instruction Fuzzy Hash: 60518171608600AFDB40EBA8FC45FDB7BE2EF95320F0945A8F1588B2B1E231DD559B41

Function 2014B6E0 Relevance: 12.1, APIs: 8, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e51066a97766b0f79a95aed17123675292b1ee75eb2a473685e242fc58493cc
Instruction ID: 3250fbfae10a41b91ef4db7c77a9411e8d486442199dbfb142ce6c1fad11fa07
Opcode Fuzzy Hash: 0e51066a97766b0f79a95aed17123675292b1ee75eb2a473685e242fc58493cc
Instruction Fuzzy Hash: F511E9F5C041107FD7049B64EC42F6B7BA9EFF2600F444464F84987261E736DB1992A2

Function 202673E0 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 369COMMON

Download Yara Rule

Strings

04 , xrefs: 20267464
sqlite_master, xrefs: 202673FD
sqlite_temp_master, xrefs: 202673F2
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 2026776D
ase, xrefs: 2026768D

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: 04 $SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master
API String ID: 0-2598308896
Opcode ID: b12d3b733dce04ff443a5fce087b792b7e9d4da77e7ee83e8c8a839d35d341c7
Instruction ID: 5a30fb87c3f315330be79cb3dabe6d07e10267de7643e4040c334eef6ed605f1
Opcode Fuzzy Hash: b12d3b733dce04ff443a5fce087b792b7e9d4da77e7ee83e8c8a839d35d341c7
Instruction Fuzzy Hash: 91E1F3B0A087429FD311CFA4DC80B5ABBE4AF95304F10456EF9489B252E775EDE4CB92

Function 201A7920 Relevance: 10.8, APIs: 7, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
Instruction ID: 14420746da6df29593652095c94c672a1eb51ad16b1edc3e7810280829956a3e
Opcode Fuzzy Hash: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
Instruction Fuzzy Hash: 9FB1B0B5A04202ABC744DFA8CC81B9AB7E5FF98224F444529F948D3711E735EB64CBA1

Function 2014E260 Relevance: 10.8, APIs: 7, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d2c33e1c682427ff8815d16526b2303be25972b63b599324886ff3b715f232c
Instruction ID: a7f4596df3a3b1065573aa5aba0670ef03120f1673617aa1279eed526e4df203
Opcode Fuzzy Hash: 1d2c33e1c682427ff8815d16526b2303be25972b63b599324886ff3b715f232c
Instruction Fuzzy Hash: 3BA13775E043508FD704CFA8C891B9BBBE5AF85318F080A6DF9949B262E335DF458B52

Function 20145930 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 234COMMON

Download Yara Rule

Strings

unknown tokenizer: %s, xrefs: 20145B28
CREATE TABLE x(input, token, start, end, position), xrefs: 20145933
simple, xrefs: 20145A38, 20145A84, 20145A95, 20145B27

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(input, token, start, end, position)$simple$unknown tokenizer: %s
API String ID: 0-2679805236
Opcode ID: 4722c4f4061910a5567ba60ca4b56c208654439bc1a01433dcfded1adf3cce13
Instruction ID: 1b5b00573382de6d8d49b87ae9d65cc6bbe3ae33ae68b9b926d337b2912d316b
Opcode Fuzzy Hash: 4722c4f4061910a5567ba60ca4b56c208654439bc1a01433dcfded1adf3cce13
Instruction Fuzzy Hash: C571E5719043068FC700CFA8CC84A9AB7E9FF84258F044529ED49D7223EB75EB49CBA1

Function 2024F0E0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 216COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2024F1DC, 2024F31D
unable to delete/modify user-function due to active statements, xrefs: 2024F157, 2024F298
%s at line %d of [%.10s], xrefs: 2024F1EB, 2024F32C
misuse, xrefs: 2024F1E6, 2024F327

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
API String ID: 0-3864549341
Opcode ID: 8cb923346fc1305214fd70f831b1d131e75fa8e0c5afa761365f5545cbfb87ef
Instruction ID: 50329fd7663c645bc71506401eee33871387eb538a33d320aeff06ae906a065b
Opcode Fuzzy Hash: 8cb923346fc1305214fd70f831b1d131e75fa8e0c5afa761365f5545cbfb87ef
Instruction Fuzzy Hash: 6D617CB1E00B42BBE355CFA0CC46F977B94AF91304F00412AF919576C2E7B5E6748BA1

Function 201D44F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 208COMMON

Download Yara Rule

Strings

fts5vocab: unknown table type: %Q, xrefs: 201D46DE
instance, xrefs: 201D46BF
col, xrefs: 201D4679
row, xrefs: 201D46A1

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: col$fts5vocab: unknown table type: %Q$instance$row
API String ID: 0-195232091
Opcode ID: 475e7a25af5a58269283a2d4b79e83bb425a2d6b8cfd0688cfdf1a781bd220bc
Instruction ID: f2f7074089822ab4b843450aab35a8bca6afa3a018f009e50227daee218c9be6
Opcode Fuzzy Hash: 475e7a25af5a58269283a2d4b79e83bb425a2d6b8cfd0688cfdf1a781bd220bc
Instruction Fuzzy Hash: 48613C729059108BC70ADFA8AC46B9A3798BB46205F040538ED05D3731F738EF99DBA6

Function 201609C2 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

cannot UPDATE a subset of columns on fts5 contentless-delete table: %s, xrefs: 20160B3B

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: cannot UPDATE a subset of columns on fts5 contentless-delete table: %s
API String ID: 0-2869280805
Opcode ID: d12ae8f2eaaba2b73a9e83498b19fe25104c8c772c43afeed4075dae0181e110
Instruction ID: 517cbb8c81d21153c55e5f6cb8dd3650a7cf170393fb5f325b81baa093a8a0e0
Opcode Fuzzy Hash: d12ae8f2eaaba2b73a9e83498b19fe25104c8c772c43afeed4075dae0181e110
Instruction Fuzzy Hash: CD41ADB66013019FD7019FD8EC80AA7F3A4FF94265B004ABAFA4487611E772EE64C791

Function 20153F30 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 169COMMON

Download Yara Rule

Strings

remove_diacritics=2, xrefs: 20154021
separators=, xrefs: 201540A3
remove_diacritics=1, xrefs: 20153FA2
tokenchars=, xrefs: 2015406A
remove_diacritics=0, xrefs: 20153FE1

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: remove_diacritics=0$remove_diacritics=1$remove_diacritics=2$separators=$tokenchars=
API String ID: 0-131617836
Opcode ID: f76e7ecea4fea5811095c3fa10d10c68705f11d4bbf3578fee75a53d7533a360
Instruction ID: aa76dc6ee657088cf18662bbff3eac42c9cc9747d8fdf7faf18d6376b16a82d4
Opcode Fuzzy Hash: f76e7ecea4fea5811095c3fa10d10c68705f11d4bbf3578fee75a53d7533a360
Instruction Fuzzy Hash: D7511676A041018BD300DF54C481BE6BFB1BB51328FA541A8F9566F286D732EF8E8B51

Function 20144CE0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 160COMMON

Download Yara Rule

Strings

wrong number of vtable arguments, xrefs: 201D3FA9
temp, xrefs: 201D3F91
,[5 , xrefs: 201D3F61
X[5 , xrefs: 201D3F69

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ,[5 $X[5 $temp$wrong number of vtable arguments
API String ID: 0-2551267082
Opcode ID: 8c949b5b50881694ffbdb613fc608d48eb1f83196bedd049ba3d8d04d0a0ac31
Instruction ID: b14a5d44ba9277795135cd932727074cafab32eab9319c108d2469c9c37da791
Opcode Fuzzy Hash: 8c949b5b50881694ffbdb613fc608d48eb1f83196bedd049ba3d8d04d0a0ac31
Instruction Fuzzy Hash: 5151CEB69043058FC718CF68D48199ABBF5BF99204F404A6DF68557312D332EB4ACB96

Function 20148C40 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 156COMMON

Download Yara Rule

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 20148D35
winAccess, xrefs: 20148D60

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 0-1873940834
Opcode ID: 5d1189d93fe990c3746d58507b02839ce32b628a5ab746cf0baff1fff672988b
Instruction ID: 669063382a0f9befc2bef238630069757d2f7fa0127c7b54c98dfc869d0e1b2c
Opcode Fuzzy Hash: 5d1189d93fe990c3746d58507b02839ce32b628a5ab746cf0baff1fff672988b
Instruction Fuzzy Hash: 77414DB2D067819BC341AFE88C81A9EF7E4BBB5250F550A29F955525F0E730DB84C682

Function 2026E5B0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 147COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2026E66B
%s at line %d of [%.10s], xrefs: 2026E67A
d., xrefs: 2026E6E7
tVj, xrefs: 2026E6F7
database corruption, xrefs: 2026E675

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$tVj$d.
API String ID: 0-1527448856
Opcode ID: 04da29a8cbaa47bbe467e11d02ec04b537941507c2f56db35e093f07302b1659
Instruction ID: 350f40b1178aacb42c664dbd5c9d1b2782179062b52c6125ac57c2eefe3547fc
Opcode Fuzzy Hash: 04da29a8cbaa47bbe467e11d02ec04b537941507c2f56db35e093f07302b1659
Instruction Fuzzy Hash: 674139715003129BCF119FE5DC81B5AB7F8AF60248F04846BF94486112E736F9BACFA2

Function 20259350 Relevance: 10.6, APIs: 7, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9271e602c0ed9f9b4ea765d6ad4a03540dca865c190d694a59f5aade70da87c9
Instruction ID: e40ef5dfb755068d0f5aaa7330313af37b951f340fe065226416cae234ebe99f
Opcode Fuzzy Hash: 9271e602c0ed9f9b4ea765d6ad4a03540dca865c190d694a59f5aade70da87c9
Instruction Fuzzy Hash: ED514470408A01DBDB065FB4DD49A2B3BBDBF14245F004425F906A2631FB3DE9E9EA76

Function 201E15C0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 135COMMON

Download Yara Rule

Strings

JSON cannot hold BLOB values, xrefs: 201E16D9
null, xrefs: 201E15EE
%!0.15g, xrefs: 201E160A

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %!0.15g$JSON cannot hold BLOB values$null
API String ID: 0-3074873597
Opcode ID: d1fa4a9642012cca26eabbe51b3f164b6fd34509b444a6d7b48f3002d045b8f0
Instruction ID: cba44a592ae9c4aef5382594d695e9579488d372b41a779fd9980f1bf639adb0
Opcode Fuzzy Hash: d1fa4a9642012cca26eabbe51b3f164b6fd34509b444a6d7b48f3002d045b8f0
Instruction Fuzzy Hash: 4441BBB1A00F006BE3144BD1DC82BEE77F4EB65329F18052AF659C5183D3E99B9883E1

Function 20151D50 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

no such database: %s, xrefs: 20151E05
CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN), xrefs: 20151E2C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN)$no such database: %s
API String ID: 0-1404816483
Opcode ID: 86fd2a6a23ded0045a14409fbe0e6b78ee7e4e2e56b02a0f4100d6d4716a8c50
Instruction ID: 6a9a418362fddc05907f1299febae785be5486f6e48e44e7aee0437e398471fe
Opcode Fuzzy Hash: 86fd2a6a23ded0045a14409fbe0e6b78ee7e4e2e56b02a0f4100d6d4716a8c50
Instruction Fuzzy Hash: FC313B726003096BC3115FE9DC41B9BBBECFF95315F010565FD689B241EA7AEA148BE0

Function 201BC650 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

PRAGMA %Q.data_version, xrefs: 201BC67C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: PRAGMA %Q.data_version
API String ID: 0-2870853266
Opcode ID: 5d67060ce6797dc4a401a75d373cbf8738ee57f9bfe2d909d576514273b30fa9
Instruction ID: 1d517e1be084022b63fad656409ff18460bd0c04434b4f998e9745ba130afb2a
Opcode Fuzzy Hash: 5d67060ce6797dc4a401a75d373cbf8738ee57f9bfe2d909d576514273b30fa9
Instruction Fuzzy Hash: 9D11F676B003049FD700EF59FC41696F7D1EFA8226F504539F90492210E732AA1D8BA2

Function 203105B4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,?,?,?,67B5F5DE,?,203106F5,?,?), ref: 20310675

Strings

ext-ms-, xrefs: 2031061F
api-ms-, xrefs: 2031060B

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: c3a2e6c87aa7ee0bb3568e8c2dc0d13e70916b425b83b4153b187d7d6de530dd
Instruction ID: ee3300e668b25e13d663aa8f4604216172213e7d0a25190567b614a205e7928f
Opcode Fuzzy Hash: c3a2e6c87aa7ee0bb3568e8c2dc0d13e70916b425b83b4153b187d7d6de530dd
Instruction Fuzzy Hash: F521E732905911ABD7169BE5CC84F8ABB5CEBC9370F110121FA05F72A1E674EE90DAD4

Function 20169CD0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 74COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20169CF1
API called with finalized prepared statement, xrefs: 20169CE5
%s at line %d of [%.10s], xrefs: 20169D00
misuse, xrefs: 20169CFB

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3620335220
Opcode ID: 89164338874dce200e6e2d3eda458b0d783eceae4cea528da0f0af437d4687bb
Instruction ID: 338d0b4deb5cc7b2cdeb8931923116e9d9bd633c814cabef63072be28d922cea
Opcode Fuzzy Hash: 89164338874dce200e6e2d3eda458b0d783eceae4cea528da0f0af437d4687bb
Instruction Fuzzy Hash: C5113DA7B0061067D60156E8BC42FCF629CAFA152EF040076F904D6205E620BEE546F2

Function 201E31F0 Relevance: 9.5, APIs: 6, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d3bb00e17cb72170a0bcaa0ea257fd513d8586bcc068d6b9c22898b82eceed
Instruction ID: 6ffcf7591ec962a8d674d1c0a70a4bbb95eb9b8df24300374de19540d2c8bfb1
Opcode Fuzzy Hash: 27d3bb00e17cb72170a0bcaa0ea257fd513d8586bcc068d6b9c22898b82eceed
Instruction Fuzzy Hash: EFF1F471A04B019BD701CF66C8C8BAEBBE0BF44324F54466DE99D87392E335EB458B91

Function 20164E00 Relevance: 9.2, APIs: 6, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29637310132f163718ca3635d13efc9d122f83047712741098df0a7bb6d5ff8f
Instruction ID: e77dab9cdf44e7a65c7415a056d0ce68271d02ccb9cbaa5c9a8d77e7eafb4b76
Opcode Fuzzy Hash: 29637310132f163718ca3635d13efc9d122f83047712741098df0a7bb6d5ff8f
Instruction Fuzzy Hash: D881C171508700DBD701DF98DC45BAB77E8FF84319F440429FA4497261E73AEAA8DBA2

Function 20156DA0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 364COMMON

Download Yara Rule

Strings

recursively defined fts5 content table, xrefs: 20156DE2

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: recursively defined fts5 content table
API String ID: 0-437020801
Opcode ID: 627de9969087883454ea35fb9051df76e5e5de8876fc791ae1ef039d54df8498
Instruction ID: c5ef85b19f4a3111c2b1525fbb844846683470b6c0e31500dc0b23eaefef7f03
Opcode Fuzzy Hash: 627de9969087883454ea35fb9051df76e5e5de8876fc791ae1ef039d54df8498
Instruction Fuzzy Hash: BCD1F275904700CFC714CF59E891796BBE0FF89314F44095EE8A88F252D779EA89CB92

Function 201D6180 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 335COMMON

Download Yara Rule

Strings

fts5: syntax error near "%.*s", xrefs: 201D6436
fts5 expression tree is too large (maximum depth %d), xrefs: 201D6349
NEAR, xrefs: 201D642A
expected integer, got "%.*s", xrefs: 201D648D

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: NEAR$expected integer, got "%.*s"$fts5 expression tree is too large (maximum depth %d)$fts5: syntax error near "%.*s"
API String ID: 0-2846580575
Opcode ID: 2b56e5a805579198f7ebb56e96147861015c96fa87f5543c8c2d8fdfb77db144
Instruction ID: ebd84d7d733b48f36200ec2a0879a5e4793300970a2c724ab3264a905302cf54
Opcode Fuzzy Hash: 2b56e5a805579198f7ebb56e96147861015c96fa87f5543c8c2d8fdfb77db144
Instruction Fuzzy Hash: 58C1C0F2904206AFC7158FA0CC41F6AFBA8FF18314F158959E9459B302E375EA64CFA4

Function 2016C0F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 276COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2016C115, 2016C160
%s at line %d of [%.10s], xrefs: 2016C124, 2016C16F
database corruption, xrefs: 2016C11F, 2016C16A

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: a3b95464bf516d8747480bb189171dc52fd9cfd5162e8b52d213e0555319354e
Instruction ID: 7d633d1a7c0b85e801222e45018520d2c6adb09d5ffb787af1e23d02665be7a7
Opcode Fuzzy Hash: a3b95464bf516d8747480bb189171dc52fd9cfd5162e8b52d213e0555319354e
Instruction Fuzzy Hash: 6AA180756043019BC704DFADDC80AAABBE1FF98214F44456DFD489B316E731EA15CB92

Function 20170F60 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 264COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2017126C, 20171278
D$7 , xrefs: 20171154, 20171198, 201711C3, 201711DB
%s at line %d of [%.10s], xrefs: 20171287
database corruption, xrefs: 20171282

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$D$7 $database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2373571863
Opcode ID: 65c4a4e3493cb2cdd6e584931b69c4ee88efebb23573fb7f1c2b8b2ce90b748f
Instruction ID: 4f0c58a07e3edaf9d443d76f8aa70eabcea99647469ea853eb7a7b78c6c40a1b
Opcode Fuzzy Hash: 65c4a4e3493cb2cdd6e584931b69c4ee88efebb23573fb7f1c2b8b2ce90b748f
Instruction Fuzzy Hash: A9A1CE74504B01CFD716CFA8C884B6777F8BB50604F14846DE9468B236E739EB98CBA2

Function 201DE4B0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 218COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201DE57F, 201DE5B2
%s at line %d of [%.10s], xrefs: 201DE58E, 201DE5C1
database corruption, xrefs: 201DE589, 201DE5BC

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: afaf83cf8486fbb56e05a4ea34e7f619e6a1881d3cd32f0080afde2f7cc540c8
Instruction ID: 4cfb586e03765e847b6c054ebba9678c92a0f36b9f5ae1a0eccd65056c0f468e
Opcode Fuzzy Hash: afaf83cf8486fbb56e05a4ea34e7f619e6a1881d3cd32f0080afde2f7cc540c8
Instruction Fuzzy Hash: 957115726043455FC700DFA9D881AAABBE0EF54256F4445ADF994C3341E325FB58CBA2

Function 20170970 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 207COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20170A91, 20170B73
%s at line %d of [%.10s], xrefs: 20170AA0, 20170B82
database corruption, xrefs: 20170A9B, 20170B7D

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: f71bb8e8cc0ecd20ca6aebec44780fc1d9c4ed1aa6b61d74e03e01d907800c34
Instruction ID: 629e7ad5db44421375eed64490041c79beb1a4a073c53c0809399bc6122c4f18
Opcode Fuzzy Hash: f71bb8e8cc0ecd20ca6aebec44780fc1d9c4ed1aa6b61d74e03e01d907800c34
Instruction Fuzzy Hash: 1561D0B5600300CFCB05DFA8D881F9A7BE0FB88614F0585A9ED499B322E771EE44CB91

Function 2023ABF0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 204COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2023AE0E
unable to delete/modify user-function due to active statements, xrefs: 2023AD61
%s at line %d of [%.10s], xrefs: 2023AE1D
misuse, xrefs: 2023AE18

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
API String ID: 0-3864549341
Opcode ID: f874c4b65571f215f65bc0976b6d8d1fde59ce99663fd7a9bf94456bb7374482
Instruction ID: 84348c4941c804fe8c70d20ce3bd6af413826c1345412b515cec4b73396ea123
Opcode Fuzzy Hash: f874c4b65571f215f65bc0976b6d8d1fde59ce99663fd7a9bf94456bb7374482
Instruction Fuzzy Hash: EC51D0B2204305AFD710CFA5DC81B6BB7E9EF89715F04093EFA8596651D332E9218B62

Function 2013A230 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 201COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2013A45F, 2013A49D
%s at line %d of [%.10s], xrefs: 2013A46E, 2013A4AC
misuse, xrefs: 2013A469, 2013A4A7

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 7ceee96a1c7fb1daeda246466486938becef98f2f9d27b133d91876449e17d74
Instruction ID: 1f5ba6c7b6ef2d98060165bd823fb12661a15fd58839a5540ff839f81351b548
Opcode Fuzzy Hash: 7ceee96a1c7fb1daeda246466486938becef98f2f9d27b133d91876449e17d74
Instruction Fuzzy Hash: E2711770604740AFD711CFA4CC85BDBBBE4BF54308F44442DE9598B282E775EA55CB92

Function 2014A860 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

tables_used, xrefs: 2014A973, 2014A97B
stmt-pointer, xrefs: 2014A928
bytecode, xrefs: 2014A96E
argument to %s() is not a valid SQL statement, xrefs: 2014A97C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: argument to %s() is not a valid SQL statement$bytecode$stmt-pointer$tables_used
API String ID: 0-361449301
Opcode ID: 3655248d0a4d48fac70df108329e2842db502ddcd71364771036405ef9294c4b
Instruction ID: 13116744eef6d3a75b81881bf392fb3e3d5345a17ff25a52ee3817f4a19903ae
Opcode Fuzzy Hash: 3655248d0a4d48fac70df108329e2842db502ddcd71364771036405ef9294c4b
Instruction Fuzzy Hash: DF61B5719047019FE7108F64CC8579277F8FF44308F52092DE586CB6A2E779EA58EBA1

Function 20132AF4 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,203794C2,00000104), ref: 2032EFDB

Strings

Microsoft Visual C++ Runtime Library, xrefs: 2032F070
Runtime Error!Program: , xrefs: 2032EFA7
<program name unknown>, xrefs: 2032EFEA
..., xrefs: 2032F029

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: b0fa0161c92174918985c35b13653ad9d6be86ede664b78dfd0585941b624ad6
Instruction ID: 0b90a9db485be17b75655f1d75cf38831766eaeb5cb4368b63a1a2b499373a2b
Opcode Fuzzy Hash: b0fa0161c92174918985c35b13653ad9d6be86ede664b78dfd0585941b624ad6
Instruction Fuzzy Hash: 7F212532A00A017ED731A7E16C86FDB2BEC9BA9398F068536FC08D6156F725CF45C295

Function 2025BF00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 156COMMON

Download Yara Rule

Strings

fts5 expression tree is too large (maximum depth %d), xrefs: 2025C070
NEAR, xrefs: 2025C03A
fts5: %s queries are not supported (detail!=full), xrefs: 2025C043
phrase, xrefs: 2025C035, 2025C042

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: NEAR$fts5 expression tree is too large (maximum depth %d)$fts5: %s queries are not supported (detail!=full)$phrase
API String ID: 0-593389478
Opcode ID: b954dad291274eabf837ec9f32f4436450afe1f3b7697c1121fcb1a31fd853b5
Instruction ID: 4c001d1f5dc3c50a0b80e2918139e02f69297b491c9875eac012145b7b1e0cb1
Opcode Fuzzy Hash: b954dad291274eabf837ec9f32f4436450afe1f3b7697c1121fcb1a31fd853b5
Instruction Fuzzy Hash: C84101716002029FC71D8EA4CC80B1ABBA4FFA5324F20456FF80587662E375ED69CB89

Function 201623D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 150COMMON

Download Yara Rule

Strings

database %s is locked, xrefs: 20162541
main, xrefs: 20162491
no such database: %s, xrefs: 201624B4
cannot detach database %s, xrefs: 201624C3, 20162547

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: cannot detach database %s$database %s is locked$main$no such database: %s
API String ID: 0-3838832555
Opcode ID: 367ee6803e0af4d886a50d119bd02b3640d7b27f62e1f36c31a6e76d24966ef4
Instruction ID: f6a9fe0a9eead27ad294351af2c53e10fd09465d41d8465b3bad6e7e9c17f659
Opcode Fuzzy Hash: 367ee6803e0af4d886a50d119bd02b3640d7b27f62e1f36c31a6e76d24966ef4
Instruction Fuzzy Hash: 4D5121B1A046009FD718CF85CC80F96B3E5BF98314F11855DE8588B392DB35EE61CBA2

Function 20164C00 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

invalid arguments to fts4aux constructor, xrefs: 20164C9E
CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN), xrefs: 20164CCB
temp, xrefs: 20164C3E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN)$invalid arguments to fts4aux constructor$temp
API String ID: 0-537686372
Opcode ID: f2adff250ec407b8a61d56ef86293a1583dfa29291d7e00f320580027f44d8fa
Instruction ID: c5291815e9496b16f11b215fee3708249b9f53524c409817c8508d5758f0f0d2
Opcode Fuzzy Hash: f2adff250ec407b8a61d56ef86293a1583dfa29291d7e00f320580027f44d8fa
Instruction Fuzzy Hash: E24127765012509FC7148F98DC81AE67FE0EF55224F1584A9FDD98B31AD732EF228B60

Function 2017F490 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2017F4B0
unable to delete/modify collation sequence due to active statements, xrefs: 2017F533
%s at line %d of [%.10s], xrefs: 2017F4BF
misuse, xrefs: 2017F4BA

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 0-3348720253
Opcode ID: 97f73907d3858fce1b596c8c49026a9d537e1595bf5aca302950a21914d79ba3
Instruction ID: 29e481af18ed159df3a53705c800c71740bd08d5605fc08f415555aaebd5eb09
Opcode Fuzzy Hash: 97f73907d3858fce1b596c8c49026a9d537e1595bf5aca302950a21914d79ba3
Instruction Fuzzy Hash: 2B410A722043009BD700CF94EC81BABBBF4EF85315F14856EF6549B292D336EB558B51

Function 2016E030 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 127COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2016E0E8, 2016E11E
%s at line %d of [%.10s], xrefs: 2016E0F7, 2016E12D
database corruption, xrefs: 2016E0F2, 2016E128

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 9a9753b88dba217be7611b9acbd038f38573b4079bf9698f53ecb3d9643dc6d7
Instruction ID: 9c639f76e7120a584d8143ec932003d54ce02f4cea2c475b2db1570d1ef3b149
Opcode Fuzzy Hash: 9a9753b88dba217be7611b9acbd038f38573b4079bf9698f53ecb3d9643dc6d7
Instruction Fuzzy Hash: CD4112716043015BD300DEA9DCC1BAABBE0EB91615F44467DF99582282E335EA6CDBA2

Function 2014C2B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

%!.*f, xrefs: 2014C3AE

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %!.*f
API String ID: 0-786758813
Opcode ID: 0efd4ecf660c7e5e80cf57bb48e67e853d8ea330ba6c000a87a94feaa5725884
Instruction ID: 97c29293f61176b744c4f761db855d86768b4f7bb975401961d752e227bdb0c8
Opcode Fuzzy Hash: 0efd4ecf660c7e5e80cf57bb48e67e853d8ea330ba6c000a87a94feaa5725884
Instruction Fuzzy Hash: 89314F72D04E1087C3829FB8981369B77946FA1291F058765FC852B032EB399B5792F2

Function 2020EBD0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 103COMMON

Download Yara Rule

Strings

CREATE , xrefs: 2020EBFF
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2020EC42
%s at line %d of [%.10s], xrefs: 2020EC51
database corruption, xrefs: 2020EC4C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$CREATE $database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-1360532505
Opcode ID: 915f435832e9f704ec31c1ae701c8ae1ecff84dcd6efcfb36be4be21af417db2
Instruction ID: 13e8a27d68567c76eb044b8d1e77455a542976f6abd26691dcf0a4ab83917a04
Opcode Fuzzy Hash: 915f435832e9f704ec31c1ae701c8ae1ecff84dcd6efcfb36be4be21af417db2
Instruction Fuzzy Hash: 54313CA25043C29AEF210E999C40BA67FD2AB65219F1400FBF9D58E243D72799E58B31

Function 20167050 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 98COMMON

Download Yara Rule

Strings

bad parameter or other API misuse, xrefs: 20167083
API call with %s database connection pointer, xrefs: 20167074
out of memory, xrefs: 20167059, 201670A2
invalid, xrefs: 2016706F

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: API call with %s database connection pointer$bad parameter or other API misuse$invalid$out of memory
API String ID: 0-453588374
Opcode ID: fd99779b8c021b09982d77df7c0fb15cb30ea880b361b47587d70a71b2e4f864
Instruction ID: 7f8cb6c2fa4952407d9445c9e11867c95b28aff61d90a6f56d0dbc1ea6e383e7
Opcode Fuzzy Hash: fd99779b8c021b09982d77df7c0fb15cb30ea880b361b47587d70a71b2e4f864
Instruction Fuzzy Hash: 91317EA1A0470087DB254FE49C06BDB23969F83314F39442AF5558B347E129EFA783A1

Function 201E93A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 93COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201E9446, 201E948A
%s at line %d of [%.10s], xrefs: 201E9455, 201E9499
database corruption, xrefs: 201E9450, 201E9494

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: e6c9ccb0d788595392493139fba6ee40d67dcdfc2306b002213dd7eaba16c49e
Instruction ID: 1730ce4474d9d33bdd6045b17fc29b2fa6a80c3355047c3ddc7342d9e0e89b17
Opcode Fuzzy Hash: e6c9ccb0d788595392493139fba6ee40d67dcdfc2306b002213dd7eaba16c49e
Instruction Fuzzy Hash: EB316D75600B504BC314DF69C8D0AB7BFF1AF54705B54809CE6C64B79AD332E946C750

Function 20174F40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 91COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20174F62, 20174FF3
%s at line %d of [%.10s], xrefs: 20174F71, 20175002
database corruption, xrefs: 20174F6C, 20174FFD

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: c3aedca8b9950edf0bdd2eaba65cd43d2028644e300e77ef451d091024a85f67
Instruction ID: 328e55717e0d9c881c158bbab9d08a3ac7820bb298d5e692f4889209eb9a47df
Opcode Fuzzy Hash: c3aedca8b9950edf0bdd2eaba65cd43d2028644e300e77ef451d091024a85f67
Instruction Fuzzy Hash: 1E3159722005416BC3009F69D981BE6BFF0FF59315F0882A6F558CB682D325EA60DBE0

Function 20141C60 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 88COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20141D3C
%s at line %d of [%.10s], xrefs: 20141D4B
misuse, xrefs: 20141D46
unknown database: %s, xrefs: 20141CBD

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unknown database: %s
API String ID: 0-142545749
Opcode ID: 2e587d8bf27d7044b1bc507858e6f393f4708922b924eb145ef8c6abf6190e7b
Instruction ID: e153da0c16621832d9bb99e4a9044ecd18048023dc31a95d77b911b859959805
Opcode Fuzzy Hash: 2e587d8bf27d7044b1bc507858e6f393f4708922b924eb145ef8c6abf6190e7b
Instruction Fuzzy Hash: C92178F1D00740ABD7109FA59C84FDB3BADAFD1358F00012CF968662A2D335AB158BB2

Function 20173FF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2017407D, 201740A8
%s at line %d of [%.10s], xrefs: 2017408C, 201740B7
database corruption, xrefs: 20174087, 201740B2

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: d3670e1d4a98c9f0501cbec66c7325b03c8616287c51e2a8ebe70d1d3cfce8e4
Instruction ID: a75b2ee9ee7015ba5f29cd50774a1c0a395fe2ffaaff6bd914c848984549e269
Opcode Fuzzy Hash: d3670e1d4a98c9f0501cbec66c7325b03c8616287c51e2a8ebe70d1d3cfce8e4
Instruction Fuzzy Hash: E32125B3A002115BCB00DE88DC82AEB7BE0FB98611F418166FE44D7315E335EA4987E2

Function 2026C6F0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

Strings

non-deterministic use of %s() in %s, xrefs: 2026C732
a generated column, xrefs: 2026C722
an index, xrefs: 2026C71D
a CHECK constraint, xrefs: 2026C714, 2026C72B

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
API String ID: 0-3705377941
Opcode ID: 7783854b73ad74413feeca7772ecdd75a0bf3ff231aa4b939e44e9dc95402975
Instruction ID: 2839170ccd5de96606d328a22da616d0f94e2cce4c6c7fd7db7f3cfbe41767cb
Opcode Fuzzy Hash: 7783854b73ad74413feeca7772ecdd75a0bf3ff231aa4b939e44e9dc95402975
Instruction Fuzzy Hash: 362138705084129BD702AF68DC44FA5B7ACBF01365F100226F904D62B1E739D8E1DBA1

Function 201E9290 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201E929C, 201E932A
%s at line %d of [%.10s], xrefs: 201E92AB, 201E9339
database corruption, xrefs: 201E92A6, 201E9334

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 67f6831755199288b4f6d01c32668534f6ee4c6dbc17d9fb221c29c825a0647f
Instruction ID: 4eb27f6b3eaf4804b7a802737c364e9917deb5dbb1590a1d58af62b36c4a655c
Opcode Fuzzy Hash: 67f6831755199288b4f6d01c32668534f6ee4c6dbc17d9fb221c29c825a0647f
Instruction Fuzzy Hash: 98214C25504F9057C3219FB888C1BE7BFF1AF25710B44449CE2D68779AE232FA858B90

Function 201533C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN), xrefs: 201533D6

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN)
API String ID: 0-1935849370
Opcode ID: 99bf8b7f27b36e6a5721f43d834e3a8bad0c22c7b5b13a7b96a060831818b558
Instruction ID: 61456dbcff1781db9aa77d4d715e1ea6a81efc028ae6e2a213627f7ebc3dd440
Opcode Fuzzy Hash: 99bf8b7f27b36e6a5721f43d834e3a8bad0c22c7b5b13a7b96a060831818b558
Instruction Fuzzy Hash: 0601B5357042165BD301DF5DE841BCBB7E5EFD5311F058176F6049B240EB70AA8B8BA1

Function 20213E10 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45COMMON

Download Yara Rule

Strings

SELECT count(*) FROM %Q.'%q%s', xrefs: 20213E26
Wrong number of entries in %%%s table - expected %lld, actual %lld, xrefs: 20213E6C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: SELECT count(*) FROM %Q.'%q%s'$Wrong number of entries in %%%s table - expected %lld, actual %lld
API String ID: 0-3026403748
Opcode ID: 593d0286f375cbb6d73f5eed9b823dd7ccec645c2f0f7b86c419e5c682842278
Instruction ID: becc73d7222fa9feabc2feb95c662155644f74390f87bc4d0eca967188b33b33
Opcode Fuzzy Hash: 593d0286f375cbb6d73f5eed9b823dd7ccec645c2f0f7b86c419e5c682842278
Instruction Fuzzy Hash: 5DF049B18003416BDF125FC0ACC1F2FBAE6BFE9610F05052EF18961113D325EAA086A3

Function 202E5BC1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,67B5F5DE,?,?,00000000,2033D1CB,000000FF,?,202E5B30,?,?,202E5ADF,?), ref: 202E5BF6
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 202E5C08
FreeLibrary.KERNEL32(00000000,?,?,00000000,2033D1CB,000000FF,?,202E5B30,?,?,202E5ADF,?), ref: 202E5C2A

Strings

mscoree.dll, xrefs: 202E5BEF
CorExitProcess, xrefs: 202E5C00

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 10a06f59adefabaa93376093012d823a274ebb9fa6fcddd80ec598f3bb86580d
Instruction ID: f55769c18ee122a64a0e6b5b233d9c7c3ede7086784e9d42e9875b7ba3ef08cb
Opcode Fuzzy Hash: 10a06f59adefabaa93376093012d823a274ebb9fa6fcddd80ec598f3bb86580d
Instruction Fuzzy Hash: 0E016C31954A29AFDB128F90CD44FAE77BCFB44715F400926F815A21A0D77C9940DA50

Function 20256A20 Relevance: 8.0, APIs: 5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7648f07462ff71f5730232b8953e4119a485ca15fc07e8ff1d551b6b1db1207
Instruction ID: a06abb1679bc066c97c6a846b694444eb3db91414b364a03c3c80bf208e03e5a
Opcode Fuzzy Hash: e7648f07462ff71f5730232b8953e4119a485ca15fc07e8ff1d551b6b1db1207
Instruction Fuzzy Hash: 290262B0908706CFD705DFA4DC48B16BBE4BF54304F04451EF94597261E778EAA8CBA6

Function 201BAF80 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d085cb2a8296519643b6a386cd7009942228e699e48782f359d3cf10991617ed
Instruction ID: c69628d110fc874b10d4c0c6d08a25928102529fa688e1cfb020322bcd2dfdbe
Opcode Fuzzy Hash: d085cb2a8296519643b6a386cd7009942228e699e48782f359d3cf10991617ed
Instruction Fuzzy Hash: D5A16E70905E00DBD7129FA4DC89B6A377CBF04246F040028F90596A31EB78EA94EBB6

Function 202573C0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

fts5: syntax error near "%.*s", xrefs: 2025751C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: fts5: syntax error near "%.*s"
API String ID: 0-498961494
Opcode ID: 53ee624156c901681d584b4656ab35e1db2ef26cb8eaf7c27871515f5c131e5c
Instruction ID: e1b9efe778a7ab0309de51ded35c5ed19632c4d7f4899507fe34786f63af5bfe
Opcode Fuzzy Hash: 53ee624156c901681d584b4656ab35e1db2ef26cb8eaf7c27871515f5c131e5c
Instruction Fuzzy Hash: 6AB1B1704447018FD325CFA4DC80B5ABFE8BF58348F54481EF88597251E778EA99CBAA

Function 201582E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

[%d], xrefs: 201584C7

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: [%d]
API String ID: 0-394612830
Opcode ID: 698e9e5f3343253218c0938f8a6bb6a6599536f41f614dbeb36dc946de3fb3a1
Instruction ID: 15f8c1f24940427f42ced49c022cc078f2166c82e561652faabffee511ef9a6b
Opcode Fuzzy Hash: 698e9e5f3343253218c0938f8a6bb6a6599536f41f614dbeb36dc946de3fb3a1
Instruction Fuzzy Hash: 7A7128B1904701AFD720DFA0DC81FAB7BE9AF95704F44491DFA989A581E334EB0D8762

Function 20236180 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 216COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20236387
%s at line %d of [%.10s], xrefs: 20236396
database corruption, xrefs: 20236391

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 7613714035e7b2f2bcc3e986ff3d77a902bf85bcb772849539a04946f29ebd4e
Instruction ID: 51cce155376f9bd90ccbdd932b596577a91f9afc6b7b4803d28becec0b73cd4c
Opcode Fuzzy Hash: 7613714035e7b2f2bcc3e986ff3d77a902bf85bcb772849539a04946f29ebd4e
Instruction Fuzzy Hash: BF71F3B16082018BDB00DF94CCC5BAA7BE8EF54314F95899AFC85CB252E335ED558B51

Function 201713A0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 214COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20171459
%s at line %d of [%.10s], xrefs: 20171468
database corruption, xrefs: 20171463

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: fe32987d595caf9b529ac72c167953523913afb363a6c5f72777df86afeee6e1
Instruction ID: 834f570769af752b9e225055bb8d4d0793f9025e78105d9d2e2a8698501c35ef
Opcode Fuzzy Hash: fe32987d595caf9b529ac72c167953523913afb363a6c5f72777df86afeee6e1
Instruction Fuzzy Hash: 1B7107B26043009FC305CFA8C881B977BF5AF99314F158999F88ADB266D731EE45CB91

Function 20147D30 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

winShmMap1, xrefs: 20147DC5
winShmMap3, xrefs: 20147F1D
winShmMap2, xrefs: 20147E1F

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: winShmMap1$winShmMap2$winShmMap3
API String ID: 0-3826999013
Opcode ID: a7de055bb585d248f2e480f4be64cdef8852c2c6eaaf8bb80a39549b8695ba06
Instruction ID: 58aa6d12f8411d59adcd3e08de658b5b828de027a66b2eccd43146155b41e6e7
Opcode Fuzzy Hash: a7de055bb585d248f2e480f4be64cdef8852c2c6eaaf8bb80a39549b8695ba06
Instruction Fuzzy Hash: B561DBB1A047019FD710CFA4CC81B67B7F9AF94704F01496DFA9697261EB34EA09CB92

Function 202E0FC2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 202E0FE7
CatchIt.LIBVCRUNTIME ref: 202E10CD

Strings

MOC, xrefs: 202E0FF9
RCC, xrefs: 202E1001

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: e2ec55f97eca8edbe43db9d368b20998b117a0861996e81941a8257a2c5bc90b
Instruction ID: 0e6a8b869c3789c1130a0109382914a3ecb9146ac4dd66259331e2cae15ab60b
Opcode Fuzzy Hash: e2ec55f97eca8edbe43db9d368b20998b117a0861996e81941a8257a2c5bc90b
Instruction Fuzzy Hash: 64415C7190025AEFCF09DFD5CD81AAE7BB5FF58300F54816AFA0867211D335AAA0DB50

Function 20173060 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 184COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20173092
%s at line %d of [%.10s], xrefs: 201730A1
database corruption, xrefs: 2017309C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 9f6ee57e909fcc8b94795037e8589342504fc5f93839ce13d8ea5e5288cebfe5
Instruction ID: 6318f6e4bf3f9541096a90dafb18bcf26c9868e9d78b4bad3d805c12184478fd
Opcode Fuzzy Hash: 9f6ee57e909fcc8b94795037e8589342504fc5f93839ce13d8ea5e5288cebfe5
Instruction Fuzzy Hash: 5F61B0755083059FC704DFA8C881AABBBF4BF98704F40495DF98987352E735DA45CBA2

Function 2013DE5A Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 180COMMON

Download Yara Rule

Strings

(join-%u), xrefs: 2013DFA1
(subquery-%u), xrefs: 2013DFB3

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: (join-%u)$(subquery-%u)
API String ID: 0-2916047017
Opcode ID: c583ce6a3fb300953be9dc24938185ae61d9da8a6a530746afd4eabb007215df
Instruction ID: 9a220b1f0a60c1a11c50d8ab4877d99bc618cc6c85090bcda1b4dfd354385b38
Opcode Fuzzy Hash: c583ce6a3fb300953be9dc24938185ae61d9da8a6a530746afd4eabb007215df
Instruction Fuzzy Hash: EE510575A043008FCB18CFA4E8D1A677BE9BF95304F154AADFC5A4B206D635EA06CB91

Function 2020C640 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 150COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2020C785, 2020C791, 2020C7DD
%s at line %d of [%.10s], xrefs: 2020C7EC
database corruption, xrefs: 2020C7E7

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 7978521bf80bf1ac5a6283c8cb16dbfd72a590e18aa9f894b242dba210333dbc
Instruction ID: a3dcf958b3148ee9f79b487c1632ffe7245b055a0cf13f380ba736bbc613c395
Opcode Fuzzy Hash: 7978521bf80bf1ac5a6283c8cb16dbfd72a590e18aa9f894b242dba210333dbc
Instruction Fuzzy Hash: 5D51B5B16083419FC304CF58C8D096AFBE5FFA9204F68599EE5859B312D331E959CF92

Function 201735E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201735EA
%s at line %d of [%.10s], xrefs: 201735F9
misuse, xrefs: 201735F4

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: c39d5bcf370dac737330d52f807870b8692ad1b0de16f97f7e4e1bce9353200b
Instruction ID: 17ab59a0e5651c36b06a1bfe112584ecfe602351b1452a49f1b978627140658c
Opcode Fuzzy Hash: c39d5bcf370dac737330d52f807870b8692ad1b0de16f97f7e4e1bce9353200b
Instruction Fuzzy Hash: B051C3F1A04314AFDB188F94CCC4B96BBB5BF14724F158159F9589B262D331EB50CB91

Function 201E96B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 136COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201E97E0
%s at line %d of [%.10s], xrefs: 201E97EF
database corruption, xrefs: 201E97EA

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 745c50cf1b49bc63c4b89b4ed9f9196f6011e5faf3736b89f04546938edac0be
Instruction ID: 4577ad107497688f2ec2df16834b78ffa741809351cb56c2542b2981ba1cea51
Opcode Fuzzy Hash: 745c50cf1b49bc63c4b89b4ed9f9196f6011e5faf3736b89f04546938edac0be
Instruction Fuzzy Hash: 38416D76A04B908FD3218FBD94406DBFFE0DF51211F1808AEE2D98B652D222E989DB51

Function 20140300 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128COMMON

Download Yara Rule

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 201403FF
winWrite2, xrefs: 2014043B
winWrite1, xrefs: 2014045E

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
API String ID: 0-1808655853
Opcode ID: ce89c396746ffd92d38539a7e5795ef557e4f2c4685780dbd40883b0929ebac6
Instruction ID: b5db3e3b44957ad6db3dfe00d0bb84654db8bfcac69b458e35cfb745051c52de
Opcode Fuzzy Hash: ce89c396746ffd92d38539a7e5795ef557e4f2c4685780dbd40883b0929ebac6
Instruction Fuzzy Hash: DD414A71E047019FC3469FAACC809AFBBD8FB84210F550A2EFA15C6171D331DB858B92

Function 202B5960 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 126COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 202B5976
%s at line %d of [%.10s], xrefs: 202B5985
misuse, xrefs: 202B5980

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: b8c491197f0186eff04d05c50c5ddc434473a9282c1de3ed012e104f07efe706
Instruction ID: 730ec18eeeb04184676a72905fb923bb66cd228f523d2fdaa049b639e0187f4f
Opcode Fuzzy Hash: b8c491197f0186eff04d05c50c5ddc434473a9282c1de3ed012e104f07efe706
Instruction Fuzzy Hash: 0F410C729003159BD3108F94CC81B9AB7E8BF95350F94066AFD44AB241E335FAA4C791

Function 2020D2E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 119COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2020D2F7
%s at line %d of [%.10s], xrefs: 2020D306
database corruption, xrefs: 2020D301

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 985fd22068227b01abf4732c777edf4a4922f95122f306c86b1956edec4c8505
Instruction ID: 16033dc36e689a946aa3bc0e89baa213de2f116163431b9e56bed17b0af6d3ab
Opcode Fuzzy Hash: 985fd22068227b01abf4732c777edf4a4922f95122f306c86b1956edec4c8505
Instruction Fuzzy Hash: DC311CB25053016FD7118F94DC41F5BB7E9EF64264F04446AFE45A3222D732EE618F92

Function 202C8850 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 202C895F
os_win.c:%d: (%lu) %s(%s) - %s, xrefs: 202C88E2

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$os_win.c:%d: (%lu) %s(%s) - %s
API String ID: 0-1037342196
Opcode ID: 72d6814386113141434950eacf632d3c8f970de40ee3e12af501eba7bd129e90
Instruction ID: d486bbea3a67cae063d6d921d2924f25dc48e3ad962d89cc9981bc50f72cdff7
Opcode Fuzzy Hash: 72d6814386113141434950eacf632d3c8f970de40ee3e12af501eba7bd129e90
Instruction Fuzzy Hash: 8A218B70608747AFD7209B94CC85BFBBBD9AFE4304F488D2EE68886552C2349D548793

Function 20175390 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201753FE
%s at line %d of [%.10s], xrefs: 2017540D
database corruption, xrefs: 20175408

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 719ed57cbf99b23d41da849ea13ff0245549926f625ca46d266c2309666e7630
Instruction ID: d475bb65957a3b9c6b68699993f1be42bf43d90d8c2c125ccd53b2488ed65533
Opcode Fuzzy Hash: 719ed57cbf99b23d41da849ea13ff0245549926f625ca46d266c2309666e7630
Instruction Fuzzy Hash: B4318C6520074046D7218BB998407E6B7F0AF51712F44846EE6C6C76B2F3B2FAD2C3A1

Function 20257ED0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 111COMMON

Download Yara Rule

Strings

no such tokenizer: %s, xrefs: 20257F1B
error in tokenizer constructor, xrefs: 20257F92

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: error in tokenizer constructor$no such tokenizer: %s
API String ID: 0-815501780
Opcode ID: cf707f82b11a5a22f5a81b6852ab52952bee6d68ef460de474b59f935627d5da
Instruction ID: fef1ea60389501216b7ee732837febcf5ed91ec7d9d7bd50227f5f902193f81e
Opcode Fuzzy Hash: cf707f82b11a5a22f5a81b6852ab52952bee6d68ef460de474b59f935627d5da
Instruction Fuzzy Hash: 2931A0766412158FC724CF59E880B6ABBE4EF84615F1405AEE9489B700E332ED198B65

Function 20174130 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201741A3, 201741EE, 201741FE, 2017424E
%s at line %d of [%.10s], xrefs: 2017425D
database corruption, xrefs: 20174258

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 71c423b4c26745cb5c8ad8e15c35d4692e1e5fe065eff255360042802e013632
Instruction ID: 33ba90326682b4c828e3a255b12b3daaed4aa8d809cb1789c5f80f5b7b924894
Opcode Fuzzy Hash: 71c423b4c26745cb5c8ad8e15c35d4692e1e5fe065eff255360042802e013632
Instruction Fuzzy Hash: D731A232A0836117C314DA5DA8918F5BBF1FB81206B05C66EF9D19B196C73CEB58C7D0

Function 20181420 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 106COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2018146B
%s at line %d of [%.10s], xrefs: 2018147A
database corruption, xrefs: 20181475

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: cd3543492aec95dd493bb86bc3cdc33bbe8587f7bd1e148a58776afcefef8b91
Instruction ID: 097e859ec861a2f18ec25319ff2828fe77edb80634e8d7872ed22d9f1a4f8400
Opcode Fuzzy Hash: cd3543492aec95dd493bb86bc3cdc33bbe8587f7bd1e148a58776afcefef8b91
Instruction Fuzzy Hash: F531C0B66053418FC310CF69D980E67FBE4FF95215F04859EE4868BA43D731EA49CBA0

Function 201F0010 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201F008C, 201F00C2, 201F00FE
%s at line %d of [%.10s], xrefs: 201F009B
database corruption, xrefs: 201F0096

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 1b7ec11ec44515e1f43c5fd85cd57a1aa0a7703d34edd2c10e610502242d0bf0
Instruction ID: a954c0f78482467d4e22f9a93977cc21825701e4a00b128b4f11b3583d37359e
Opcode Fuzzy Hash: 1b7ec11ec44515e1f43c5fd85cd57a1aa0a7703d34edd2c10e610502242d0bf0
Instruction Fuzzy Hash: AA3169712087908BC312CF588CD09A6FBE1FFD5255B08895EF595CB382C235EA49CBA2

Function 2013F000 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

second argument to nth_value must be a positive integer, xrefs: 2013F0C4

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: second argument to nth_value must be a positive integer
API String ID: 0-2620530100
Opcode ID: 3e28f571198865e8c684c8b772fc953c91400ce4f4d5f40e899c09deaa78b204
Instruction ID: a37a3f67a37e097a0b8ee7912cd406d9e076d43c10932b47aca64478be1ebfc5
Opcode Fuzzy Hash: 3e28f571198865e8c684c8b772fc953c91400ce4f4d5f40e899c09deaa78b204
Instruction Fuzzy Hash: 69314E729003119BD7109F98DC4275A77E1BF60320F14466DF954A6193E732EF549692

Function 201505D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON

Download Yara Rule

Strings

rbu(%s)/%z, xrefs: 20150697
rbu/zipvfs setup error, xrefs: 2015061A

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: rbu(%s)/%z$rbu/zipvfs setup error
API String ID: 0-199214844
Opcode ID: 6ea6aeb57e9539efd03294e15fc72ce00e886eba8f3ed6493d54d6fb915bc8d1
Instruction ID: 17b25f4bf3dadde29d73f8dcee58920791d563dbf8fbb69de85a110f505b4d44
Opcode Fuzzy Hash: 6ea6aeb57e9539efd03294e15fc72ce00e886eba8f3ed6493d54d6fb915bc8d1
Instruction Fuzzy Hash: ED21E4B26003059FD7108F99DC80B96BBE5EFC8320F11447EE9598B212D772ED188B55

Function 20175280 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201752F2
%s at line %d of [%.10s], xrefs: 20175301
database corruption, xrefs: 201752FC

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 35713eca15366ab5511f943e9000bb30c1a66ef22c951edbe3c7a1abe242c7fb
Instruction ID: e6466409f0fd72d9c9b016e26a929c7f58652ec2695bd0c27ff5734b93a0bfa2
Opcode Fuzzy Hash: 35713eca15366ab5511f943e9000bb30c1a66ef22c951edbe3c7a1abe242c7fb
Instruction Fuzzy Hash: 3211387360020067CB105BC9BC41DDBBFA5EFD42B6F094566FA0856122D733EA21D7A1

Function 20298490 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 202984C1
%s at line %d of [%.10s], xrefs: 202984D0
database corruption, xrefs: 202984CB

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 9c4cdf751b03e2a231cdd7ef9b24fec9d2c01267eb603fa428eeda83aa945b24
Instruction ID: 56d510862fc387f992dec3b2ac32f5938b9a572cc0d383fd3382deec426e166c
Opcode Fuzzy Hash: 9c4cdf751b03e2a231cdd7ef9b24fec9d2c01267eb603fa428eeda83aa945b24
Instruction Fuzzy Hash: 042107762007059BD7208F98DC80B97B3E4EF94311F29482FF94997B52E331E9598BA1

Function 2017FD60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 77COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2017FDE6, 2017FE61
%s at line %d of [%.10s], xrefs: 2017FE82
database corruption, xrefs: 2017FE7D

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 1957249559a219cb0f5b62b15f21e67d50c07879eb510c077b3824025ce7262d
Instruction ID: 0b15a8479fde3658d396fefcf4a7349820bd099b96d38ea02d884d5745b050cd
Opcode Fuzzy Hash: 1957249559a219cb0f5b62b15f21e67d50c07879eb510c077b3824025ce7262d
Instruction Fuzzy Hash: 0A310AA81143818AD3298FA4C080766BAB1BF15308F24C5CDD4489F767E3BBC9C7DB96

Function 2013B220 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2013B229
%s at line %d of [%.10s], xrefs: 2013B238
misuse, xrefs: 2013B233

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 2dfcfb82fd0bde4b26a3f542541e7289dfff89fab9f78571f322be37feb81a88
Instruction ID: b8ae58b00226afc924254f5b842d54fe4cbe6281585ad72ce4883b038f25980e
Opcode Fuzzy Hash: 2dfcfb82fd0bde4b26a3f542541e7289dfff89fab9f78571f322be37feb81a88
Instruction Fuzzy Hash: 2C11D2B1600701ABD701ABA99CC5F9B7BBDAFD4214F45452CFA15A3212FB30FA5487A2

Function 2018D6F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

%s%s, xrefs: 2018D725

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s%s
API String ID: 0-3252725368
Opcode ID: 8b8a19a1a56bdbdc4f0fdd8697081584b8ed5c5ab6e66931e750b6eb5dc274d1
Instruction ID: 10b644ed2debf8ef8a19d508da80155e204344619461704425932f946601186e
Opcode Fuzzy Hash: 8b8a19a1a56bdbdc4f0fdd8697081584b8ed5c5ab6e66931e750b6eb5dc274d1
Instruction Fuzzy Hash: ED119675504610DBE7025B95DC84B9733BDFF8025DF040129F908D7225E7399B94DBB2

Function 20256140 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON

Download Yara Rule

Strings

CREATE TABLE %Q.'%q_%q'(%s)%s, xrefs: 20256175
WITHOUT ROWID, xrefs: 20256150, 20256162
fts5: error creating shadow table %q_%s: %s, xrefs: 20256197

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: WITHOUT ROWID$CREATE TABLE %Q.'%q_%q'(%s)%s$fts5: error creating shadow table %q_%s: %s
API String ID: 0-1971204597
Opcode ID: 4e3c0ac37fbfc7bf3a9e416fffe9c105c74c2fa08af4d09bf07b87f277f72b45
Instruction ID: fcb2322533e4cf580f409ee8d9e70a58ee9f93f1fb1ba67fef0de4d45446b628
Opcode Fuzzy Hash: 4e3c0ac37fbfc7bf3a9e416fffe9c105c74c2fa08af4d09bf07b87f277f72b45
Instruction Fuzzy Hash: F311A5716045019FD7024F98DC88E2B7BB8FB88359F00442DF905D6231E735C9A9EBB6

Function 201DA6B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201DA6C3
%s at line %d of [%.10s], xrefs: 201DA6D2
database corruption, xrefs: 201DA6CD

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: b0f201723e72478304cc9c1f76eade417229b193f92ffdb838853b01990ff3b6
Instruction ID: 1b97dd304e8f1e042535f31ea387aa9f33b8c3010569a6e7c5f8004f34a5297d
Opcode Fuzzy Hash: b0f201723e72478304cc9c1f76eade417229b193f92ffdb838853b01990ff3b6
Instruction Fuzzy Hash: 7711BFB26042019FD700DF99DC80F9BB7E9EFD4220F4408A9F6449B2A1D332AD45CBA2

Function 20174DA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20174E18
%s at line %d of [%.10s], xrefs: 20174E27
database corruption, xrefs: 20174E22

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 769e8b39554470d2a5368f50d482e35dfe948152ff4e918d2aed3bca2492bc95
Instruction ID: 5279d42591f9679d892e4c6f1f68e502604adf5dc0c2d55e884ff7be0226fdd4
Opcode Fuzzy Hash: 769e8b39554470d2a5368f50d482e35dfe948152ff4e918d2aed3bca2492bc95
Instruction Fuzzy Hash: 541151B2601311DFC310DF98D881ACABFE5EFA4765F15849AF5489B221D332E946CB91

Function 20142380 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201423FC
%s at line %d of [%.10s], xrefs: 2014240B
misuse, xrefs: 20142406

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 6623ec27722fe5517cef90e8566f5729c14219bf01a1ca2971573a2c11d7e7c0
Instruction ID: 7f60c6cd66403f36f8a9297621dbec27b3fb02a9a67a5135bdac1223612dbe74
Opcode Fuzzy Hash: 6623ec27722fe5517cef90e8566f5729c14219bf01a1ca2971573a2c11d7e7c0
Instruction Fuzzy Hash: 7811AC716042029FD708CF4CDC90F9ABBA4BF98704F424098FA419B266D731EA86DB90

Function 2014F8A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

integer overflow, xrefs: 2014F8ED

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: integer overflow
API String ID: 0-1678498654
Opcode ID: df7b077e5e9e10f1cc76bb8fb5adc7d502f6adad3e69a5f39d3405b1c70f352c
Instruction ID: 57afe5b747f7091882965a512acc4caeb134109c25a387e1acf9c90e1b6785b8
Opcode Fuzzy Hash: df7b077e5e9e10f1cc76bb8fb5adc7d502f6adad3e69a5f39d3405b1c70f352c
Instruction Fuzzy Hash: 45119072C046116ADB41AFA4EC05B8A77A16F22328F05079DF4545E2B2E77186D5C7D2

Function 201E1F70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

JSON path error near '%q', xrefs: 201E1F92

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: JSON path error near '%q'
API String ID: 0-481711382
Opcode ID: a5ef83ea969da7515b0da7f4e880aea9afee68f7dbcecf6ed3cf1f75fcb1ecd1
Instruction ID: 8471c048c8dbe305d6f234a9e4947c9a7718eb0fdf541900f39ea7d3a9d6dc2a
Opcode Fuzzy Hash: a5ef83ea969da7515b0da7f4e880aea9afee68f7dbcecf6ed3cf1f75fcb1ecd1
Instruction Fuzzy Hash: 30012672609210BFDB289B948C01BDB7BD4DF51330F20066CF999962D1DB71EE0583E2

Function 2015F0E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 2015F105

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
API String ID: 0-2312637080
Opcode ID: 2ba197df04e764177dac7cb4833c7866fd9839dc03b84539d8f419fd811b0a09
Instruction ID: d45fde62ecf506d8a55ecbf5ff06f7949e28d3c9216ec43825a931e85a21ea99
Opcode Fuzzy Hash: 2ba197df04e764177dac7cb4833c7866fd9839dc03b84539d8f419fd811b0a09
Instruction Fuzzy Hash: C901B1363046419ED36186AEFC80FD7BBE8EBD4224F08046EF5ADC7201D361AC8983A1

Function 20141DF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20141E53
%s at line %d of [%.10s], xrefs: 20141E63
misuse, xrefs: 20141E59

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 1615f9b8ec15488585bfa954e64320183b338e111b6d46cb9d75e1da47114ed4
Instruction ID: 5dcdbd2509c11dc5e769fb05a491f676a1a0e3d2b622e950687c0673d0e624d1
Opcode Fuzzy Hash: 1615f9b8ec15488585bfa954e64320183b338e111b6d46cb9d75e1da47114ed4
Instruction Fuzzy Hash: 5B11E378A089509FD305CFA8D844F87BBA8BF46604F050059F955FB332D339EA05C7A2

Function 20160D70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 20160D87

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
API String ID: 0-2312637080
Opcode ID: e6ddba58d052fcb4b7592ab15f2410307ac99ba21fcd964371f4e3a4c42cf66a
Instruction ID: 67db0bb75707e0cb175a67fca24dfe8ecb50e16240ff52a798212aa4bfae4cd5
Opcode Fuzzy Hash: e6ddba58d052fcb4b7592ab15f2410307ac99ba21fcd964371f4e3a4c42cf66a
Instruction Fuzzy Hash: A5018C72204200AFE3519BDDEC80F93B7E9EB88728F144568F68DEB280D7B2ED458754

Function 2013EF30 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2013EFA6
%s at line %d of [%.10s], xrefs: 2013EFB5
misuse, xrefs: 2013EFB0

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 4ded666eaa498c3353deda87fe9ff859a048ef5c00b57041c5678ad3d8e78b01
Instruction ID: af65c68e447888c74c47cddb0e7f9727d3ed85b4b91f5d1464ea3f0d16f42387
Opcode Fuzzy Hash: 4ded666eaa498c3353deda87fe9ff859a048ef5c00b57041c5678ad3d8e78b01
Instruction Fuzzy Hash: 5E01F5B1A0AB11DFE7018F48DC04B8A3BE9BF85708F054058E5046B3B1E375E886CBD2

Function 201A9180 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

%s_stat, xrefs: 201A9192

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s_stat
API String ID: 0-920702477
Opcode ID: 38f3a9c0c0e93d506cfdae5added560b1fe7f01b3f6a8e7359572cea397b1f98
Instruction ID: 0a3d9bcb8600231f3a4e8d8de829528b7b7b74909088c971225c970563914634
Opcode Fuzzy Hash: 38f3a9c0c0e93d506cfdae5added560b1fe7f01b3f6a8e7359572cea397b1f98
Instruction Fuzzy Hash: A4F02032A082527BE70046F9BC81B8AEBD9BBA4174F584625F40CA2158C326ADE183D1

Function 20157F70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN), xrefs: 20157F76

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)
API String ID: 0-3072645960
Opcode ID: f01d428ab8652fefeb0976afc2ecc0efd90573846661f0cd52a3d98e372f9f6b
Instruction ID: 8c2e9d6996c10885b84d1f7ae4b31d7875ea3c3204744702ea1e8f529b9e9d36
Opcode Fuzzy Hash: f01d428ab8652fefeb0976afc2ecc0efd90573846661f0cd52a3d98e372f9f6b
Instruction Fuzzy Hash: DEF024326043028AD7109F99FC03BC9BBD0AFE0321F15013AF8649A290E760DE8987A1

Function 201700B0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 201700DB
%s at line %d of [%.10s], xrefs: 201700EA
database corruption, xrefs: 201700E5

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 863fe5947ced138983840ff800efffbdc20b5860236c495ff434c4426f4a4b99
Instruction ID: efa8736d249f99ea2f5bf317bb6318200ba806a5dd4352cfe88f3226d910960a
Opcode Fuzzy Hash: 863fe5947ced138983840ff800efffbdc20b5860236c495ff434c4426f4a4b99
Instruction Fuzzy Hash: B4E06D60340300ABD701CAA4C9C1FDB7BA17B54750F468094F5009B276EB21EEC0D760

Function 202E066B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,202E0513,?,?,?,?,?,?,202E07BD,00000003,FlsSetValue,20357770,20357778), ref: 202E0678
GetLastError.KERNEL32(?,202E0513,?,?,?,?,?,?,202E07BD,00000003,FlsSetValue,20357770,20357778), ref: 202E0682
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 202E06AA

Strings

api-ms-, xrefs: 202E068F

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 45be209d78c646ecbbbdf0231e199ef38dba5dd0dd099f9a8cdfc2d189466010
Instruction ID: bb2b714a2f286528e73a7eeeac2ee7774bcf97fde13ab5ee944b1f398ecb280f
Opcode Fuzzy Hash: 45be209d78c646ecbbbdf0231e199ef38dba5dd0dd099f9a8cdfc2d189466010
Instruction Fuzzy Hash: FDE09230284606B7EB111FA1DC45B083F5CAB90740F904420FD0CE41B2E771A9F19948

Function 2026C1F0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2026C1F0
%s at line %d of [%.10s], xrefs: 2026C1FE
misuse, xrefs: 2026C1F9

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: d121f561566e854f25c4e8853f46bd75ef6244d4ba4dfeb771d626c65423785b
Instruction ID: 57392ae38b8365e5d0580beceb2f085d69de1f8b9da304020c1d8746a588684b
Opcode Fuzzy Hash: d121f561566e854f25c4e8853f46bd75ef6244d4ba4dfeb771d626c65423785b
Instruction Fuzzy Hash: B2B09BA5510A44B7DB0011C58CC3FCA5C1177E870EF858094F7556D2BDD07651545551

Function 2023A570 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 2023A570
%s at line %d of [%.10s], xrefs: 2023A57E
database corruption, xrefs: 2023A579

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 552f1905f65b460374e28d329df0bc3b611e145852beb66381e985c3e32464e0
Instruction ID: 609f4703b439e643d2f395a6ff548284af2acdc9e2f26e9b6b7501fab88ea912
Opcode Fuzzy Hash: 552f1905f65b460374e28d329df0bc3b611e145852beb66381e985c3e32464e0
Instruction Fuzzy Hash: 81B092AA50020073DA0022D58DC2FCB3C107B68A08F868894F2192A2BAE236A5588A92

Function 20236B50 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 20236B50
%s at line %d of [%.10s], xrefs: 20236B5E
cannot open file, xrefs: 20236B59

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$cannot open file$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-1799306995
Opcode ID: 218b8335acd250c305246affa8803bfa3471030a9bbb58fa6c4f7ff5776d5618
Instruction ID: eda672bfaac957d8659340fff8c8b5d559cd38ca61e977888e677e47654c3fa4
Opcode Fuzzy Hash: 218b8335acd250c305246affa8803bfa3471030a9bbb58fa6c4f7ff5776d5618
Instruction Fuzzy Hash: 3EB0929650028077DA402AD5CC83FCB2C117768A08F8988D4F659392BEE0A7E1988A92

Function 201925E0 Relevance: 6.4, APIs: 4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7a4dbc67576c098f9d526d4a60c8ca1b33f5706242a4f94d98196c34421922
Instruction ID: 2872e12b96d41d944b646717c1f4a38ffa2f95267db37e4b415488e72832a51a
Opcode Fuzzy Hash: 4d7a4dbc67576c098f9d526d4a60c8ca1b33f5706242a4f94d98196c34421922
Instruction Fuzzy Hash: 89D1A171A08A05DBD709DFA5CC88B5A77ACFF04305F000529F905D2672FB39DA99DBA2

Function 203267F5 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(67B5F5DE,00000000,00000000,?), ref: 20326858
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 20326AAA
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 20326AF0
GetLastError.KERNEL32 ref: 20326B93

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: f235a564b155c55314140d527e1a8a53a8147ab057404ae3277b8e30ea2501df
Instruction ID: eae07a3ba109ba69393611c7f032abfe18bc6201da557e67b75ed104c82bcf58
Opcode Fuzzy Hash: f235a564b155c55314140d527e1a8a53a8147ab057404ae3277b8e30ea2501df
Instruction Fuzzy Hash: 46D178B5D05A48AFCB05CFE9D880AEDBBB9EF49300F24456AE516EB351D630AD42CF50

Function 201D8EB0 Relevance: 6.2, APIs: 4, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f96eaa5bc4637c2bf9e788ad5ef556755b6ba05d225d9a43080c8d595b3bee87
Instruction ID: 37510a808f8d36de01be46100aef383cacf127fa19c7602eb1b17df83391654a
Opcode Fuzzy Hash: f96eaa5bc4637c2bf9e788ad5ef556755b6ba05d225d9a43080c8d595b3bee87
Instruction Fuzzy Hash: BB5124736043914BD7218FF4A8457DAFFE89F51210F084AA9F9C4CB34AE269DB89C361

Function 20157DA0 Relevance: 6.2, APIs: 4, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a5547ce6c6984d6440e4b4468494efc813ad3d827e7f202303d6459a3c78d44
Instruction ID: e512e22e1e76685f03bb45d0dbd6100dd80723cd5c03c0aa59e7c790a51672d2
Opcode Fuzzy Hash: 8a5547ce6c6984d6440e4b4468494efc813ad3d827e7f202303d6459a3c78d44
Instruction Fuzzy Hash: CD41DD322007019FD364CF98E982A52FBE1FF94324F10456EE9568BA62D772FE55CB50

Function 2015CAE0 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3350012459c942d956b4df10b0466da5caa6466a7c2db973524e7fe5c24bc15e
Instruction ID: 6c4e8879b0ce4f1e2abac35fba13deebfbac9515b5cb0f983e0a9b7a7e3723ab
Opcode Fuzzy Hash: 3350012459c942d956b4df10b0466da5caa6466a7c2db973524e7fe5c24bc15e
Instruction Fuzzy Hash: AE31AEB26043019FD714DFA8D881B96B7E4FF943A1F00097AF918CB651E321EE58DBA1

Function 2015B1F0 Relevance: 6.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
Instruction ID: 6c7d1dc4daecbac1984b5392153945107291265cc2744a2fd72e1db4f60f28a4
Opcode Fuzzy Hash: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
Instruction Fuzzy Hash: 2731C4B1504B419FD320CB95E8807DBBBF0BFA5314F04496DD4AA8A901D3B1FA8CC7A1

Function 201CCFE0 Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
Instruction ID: 43e16e309d59831ace2a26f391edfa7cf3e5069b170dc3465fabd409f37e17ec
Opcode Fuzzy Hash: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
Instruction Fuzzy Hash: 6621B0715007059FD750EFA8C881B9ABBF0EFA8340F50482DF985D3222E731EA588F92

Function 2032F4CA Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,00000000,?,?,00000000), ref: 2032F4E0
GetLastError.KERNEL32(?,?,?,?), ref: 2032F4ED
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 2032F513
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 2032F539

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: cfd8c38fdc0ace64cfac0889291ab81c60707d75b7a070ca1f9668f403533d7d
Instruction ID: 9ea75e6b83f91517d4bc50689d59362b7603b36d909d391cf0b242e87cfbc117
Opcode Fuzzy Hash: cfd8c38fdc0ace64cfac0889291ab81c60707d75b7a070ca1f9668f403533d7d
Instruction Fuzzy Hash: F4114271804A19AFDB019FA5DC08A9F3F7DEF41760F208554F824A61A0E7719A80EBA0

Function 20132ABD Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 20331382
GetLastError.KERNEL32 ref: 2033138E
___initconout.LIBCMT ref: 2033139E

Part of subcall function 20331303: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,203313A3), ref: 20331316

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 203313B3

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: ConsoleWrite$CreateErrorFileLast___initconout
String ID:
API String ID: 3431868840-0
Opcode ID: 0a5f65d93aff31292534d40a0c0331358e53e5f6acb6f72f659c8d2d028c8889
Instruction ID: 1e3ade3e39b08f722ed0bd95bce5a78470b47977539cd4e65e33f3b7c90a88ca
Opcode Fuzzy Hash: 0a5f65d93aff31292534d40a0c0331358e53e5f6acb6f72f659c8d2d028c8889
Instruction Fuzzy Hash: 02F0303A504929BBCF131FD5CC45A8A3F6AFB482B1F018410FA1995531EA3A8DA0BBD0

Function 2014E6C0 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

B4 , xrefs: 2014E751
B4 , xrefs: 2014E748

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: B4 $B4
API String ID: 0-1445562929
Opcode ID: 2a94bd20fcccad73715d6cff7b22303d811411c7a666a5d3c28f124288545def
Instruction ID: 83d66e05040fdea7c7eda056838c84ee14cdeb9ad9a10b3ea64225b365794746
Opcode Fuzzy Hash: 2a94bd20fcccad73715d6cff7b22303d811411c7a666a5d3c28f124288545def
Instruction Fuzzy Hash: AAB11731D083518FD7058FA8C4906ABBBE2BB86268F14066CE9D55B2B2D731DF86C791

Function 2014BE80 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 2014C1B5

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: b42cf200f4fcce5f64d7de09139927cbb89bbe0db15bf4ea31bc383606cd61b3
Instruction ID: bc354c44cabbdc5b1c40e8f9a2f82069e11825e471450d712b1059c61c2b5317
Opcode Fuzzy Hash: b42cf200f4fcce5f64d7de09139927cbb89bbe0db15bf4ea31bc383606cd61b3
Instruction Fuzzy Hash: 36A17979D04745CFD3448FA88C917A6B7E1AF95220F140B5DF5A4873F2E770CB858AA1

Function 2015DB30 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

P , xrefs: 2015DD3E, 2015DCC0, 2015DCC4, 2015DD42

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-833998527
Opcode ID: 2260bd61dec7a017985387412cb757202c74932b2be698d41abc209cd98791e8
Instruction ID: a8658e73b9123d2c4ee6894625efb80460d1de3a7d497bd394a4379e6998e9c2
Opcode Fuzzy Hash: 2260bd61dec7a017985387412cb757202c74932b2be698d41abc209cd98791e8
Instruction Fuzzy Hash: D791F5719043449BC720CFE0C881B9B7BF9AF95314F15096AF8688F242E735EA59CB92

Function 202B7300 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 242COMMON

Download Yara Rule

Strings

-, xrefs: 202B7538
%!.15g, xrefs: 202B75C3

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %!.15g$-
API String ID: 0-583212262
Opcode ID: 6a7b3fa36c08db84bbaff6657ebb49b4f923a16e2c7cb8a2960677227b0af21b
Instruction ID: 42bc0b77cfc715b0ea89a57770aaa42ea80743fef10c7b85c7820b2735673712
Opcode Fuzzy Hash: 6a7b3fa36c08db84bbaff6657ebb49b4f923a16e2c7cb8a2960677227b0af21b
Instruction Fuzzy Hash: 1C918970A083428FD304DF6CD89175AFBE0EBC8344F44492EE988CB351E7B9D9098B92

Function 2017CBF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 2017CE39

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 2129900c895101a88be5f636b3dfa840c456b140050f35987e1521f78aa87e52
Instruction ID: f8cf68ce053f77fd7906102ff5795dc0f7fff88a178593459fdba71400a66167
Opcode Fuzzy Hash: 2129900c895101a88be5f636b3dfa840c456b140050f35987e1521f78aa87e52
Instruction Fuzzy Hash: 09812471A043018FE314CFD8C881B96B7F5AF94310F25896DFA48972A2E375EB448BD2

Function 202578F0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 214COMMON

Download Yara Rule

Strings

?, xrefs: 2025794A
*, xrefs: 20257982

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: *$?
API String ID: 0-2367018687
Opcode ID: dda8294d65c3b48ebe12302ae10451199b1934a75ea9985eb87092cc65f76739
Instruction ID: 27c9f17174bdaf165fc47a6eff7c91cf19d319269329f3262a44e5e5c5181b8c
Opcode Fuzzy Hash: dda8294d65c3b48ebe12302ae10451199b1934a75ea9985eb87092cc65f76739
Instruction Fuzzy Hash: 0B7126706483428FD7298FA8DC8071FBFE6BF85200F04496EE98587312E735DA598BA5

Function 2014C8E0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206COMMON

Download Yara Rule

Strings

LIKE or GLOB pattern too complex, xrefs: 2014C94F
ESCAPE expression must be a single character, xrefs: 2014CA43

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 0-264706735
Opcode ID: 32dfd009aa19461679aa8f1a05416d7e217d5493d2f40d55491fad702fc5369d
Instruction ID: c9a380397233ae1f4c75a2dc72363edb5157286eeb3f7b4377762eeb4a6fa839
Opcode Fuzzy Hash: 32dfd009aa19461679aa8f1a05416d7e217d5493d2f40d55491fad702fc5369d
Instruction Fuzzy Hash: E8619971E042196FDB44CFA4C891BE67791AB41328F384289F9919B2F3E276CB85C770

Function 201328A6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 147COMMON

Download Yara Rule

APIs

SetConsoleCtrlHandler.KERNEL32(20319F34,00000001,2036D4A8,00000014), ref: 2031A544
GetLastError.KERNEL32 ref: 2031A557

Strings

~5 , xrefs: 2031A496

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID: ConsoleCtrlErrorHandlerLast
String ID: ~5
API String ID: 3113525192-3966740050
Opcode ID: 7752cfec6939d4f58d3ea001dae0cb89a9de47538bbb3ae09700b5123d2393a1
Instruction ID: f48c288019543996c07fb50d2a48c0a3d399c463d8a4da62a41f2a7edb6c4853
Opcode Fuzzy Hash: 7752cfec6939d4f58d3ea001dae0cb89a9de47538bbb3ae09700b5123d2393a1
Instruction Fuzzy Hash: BE41EE72A08A018FCB1DDFD8D88169DF7E79F5E252F12006AE68697260DB34CDC4D671

Function 2014D0F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 2014D213

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: e2572e6d83c2e07a439291588029c552dfcd453636868b52e31b15633a8e7276
Instruction ID: 218476f5c0b46af91da59b0d20f56fb70abba92b195d6e45346f8a231b4aec88
Opcode Fuzzy Hash: e2572e6d83c2e07a439291588029c552dfcd453636868b52e31b15633a8e7276
Instruction Fuzzy Hash: FF417073C043414FEB109AB89C41B9A7B95AF71320F14097DED95933E3D626E748C792

Function 201455D0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 201456D1
winDelete, xrefs: 2014569C

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 0-1405699761
Opcode ID: 1bcf8e15e4132ce0e4d3a12cb3ba41675acd89acb8928081058e96e221566794
Instruction ID: b247111cf813a72530c6781aca79bf41076ad145e4ebdc7ed7da73b4af374602
Opcode Fuzzy Hash: 1bcf8e15e4132ce0e4d3a12cb3ba41675acd89acb8928081058e96e221566794
Instruction Fuzzy Hash: 94319172E056009BD7012FF89D889D6775CF704265F830636FA06C6173F629CEC4E6A1

Function 2014D300 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 2014D3D5

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 6409a9a50835d5ef33472ee3eea0535f867394a55916fad7521744727f7a57ff
Instruction ID: 63f6dcdd6dbbffab88e283fc505db4d46cac282eae96349c7a13186eb75fd079
Opcode Fuzzy Hash: 6409a9a50835d5ef33472ee3eea0535f867394a55916fad7521744727f7a57ff
Instruction Fuzzy Hash: C93180F2D042245BDF104FD49C01B963799AB92378F2902A9F9546F3E2C267EE12D292

Function 2022DEE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

Strings

sqlite_stat1, xrefs: 2022DF30
SELECT tbl,idx,stat FROM %Q.sqlite_stat1, xrefs: 2022DF4F

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: SELECT tbl,idx,stat FROM %Q.sqlite_stat1$sqlite_stat1
API String ID: 0-3572622772
Opcode ID: 35e7862a249b36f69a62a397e81a266992ada28f5aa54e6190a0171a4bb8bcf8
Instruction ID: a302453e5e5b4c8c76eb3b38e5b0d5919ecb649c766f07c113cc0f4e42b76ad3
Opcode Fuzzy Hash: 35e7862a249b36f69a62a397e81a266992ada28f5aa54e6190a0171a4bb8bcf8
Instruction Fuzzy Hash: 4421CE71A017025FCB10DEE5EC80E2AB3A4EF91624F55412FFC46ABA52E720ED64CB95

Function 202C7E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

OsError 0x%lx (%lu), xrefs: 202C7ED9

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: OsError 0x%lx (%lu)
API String ID: 0-3720535092
Opcode ID: fdb1eeb1a30811d6e64a970a9681a2100dc1c2f5f481719121605010d84b431f
Instruction ID: a9a35661c2c01aa6fbc374bb63f7079e3482883e1539c642adfb6a34af83e5b9
Opcode Fuzzy Hash: fdb1eeb1a30811d6e64a970a9681a2100dc1c2f5f481719121605010d84b431f
Instruction Fuzzy Hash: 0121B072609A01ABE7025FA4DC09F5B37ACFF04256F040529FA09D1170EB38DDA0E7A2

Function 201687A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";, xrefs: 201687B9

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";
API String ID: 0-2843444156
Opcode ID: 29ab50fd7c7892fdef43afd9dacf57a481cb54c499c47c606431d4b1d3f64eaf
Instruction ID: 76a1c89c5c02daf041a9c8b07ec6c00afbac4db03fd60fa893530a32f0580081
Opcode Fuzzy Hash: 29ab50fd7c7892fdef43afd9dacf57a481cb54c499c47c606431d4b1d3f64eaf
Instruction Fuzzy Hash: 0711A771605800AFE2019759EC09FAB77ACFB84355F044129F904D7670E728ED96D7F5

Function 2013141F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

InitializeCriticalSectionEx, xrefs: 20310E84
GetXStateFeaturesMask, xrefs: 20310E34

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
API String ID: 0-4196971266
Opcode ID: 8c2eaebf015f83ab5c4179d3f8e4990aaab249deb59cc2ed4c5fcb55c9486b87
Instruction ID: d03bd0bd2b804730795ce7eb7186abdd558b05e82596c46fa54b7bc9658ec77a
Opcode Fuzzy Hash: 8c2eaebf015f83ab5c4179d3f8e4990aaab249deb59cc2ed4c5fcb55c9486b87
Instruction Fuzzy Hash: 4E018431541518B7CB152BD18C05EDA7E19FB587A1F014412FE1879234DBB68CA0E6E0

Function 2015F740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';, xrefs: 2015F752

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';
API String ID: 0-2071071404
Opcode ID: dc14ae62dc6eb419a1343709bb89b44c74a2bbf3df29b65e3834ab25aa763ef0
Instruction ID: da7f3747440b347922460cf498d13c596689d859cd630c53693d3de7b09e7633
Opcode Fuzzy Hash: dc14ae62dc6eb419a1343709bb89b44c74a2bbf3df29b65e3834ab25aa763ef0
Instruction Fuzzy Hash: B311C671504900AFE3025BA8DC89FBB77ACFB98205F00012DF905D6571FB68AA89D772

Function 20165350 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

F, xrefs: 2016539B

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: 725775116a09af284ede4a1a825eca54245fadccdf651c527566edf5512a80b7
Instruction ID: 67439f2540b6092484798db926a2de278af2fc83b5cda096b7d79b17245c2a44
Opcode Fuzzy Hash: 725775116a09af284ede4a1a825eca54245fadccdf651c527566edf5512a80b7
Instruction Fuzzy Hash: A7112EB16083408BD704DF55C85279BB7E4BFE8254F84486EF58A87390E774D648CB97

Function 2018EFE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

SELECT %s WHERE rowid = ?, xrefs: 2018F017

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: SELECT %s WHERE rowid = ?
API String ID: 0-866778640
Opcode ID: 01b93da87a0c93db0fe55400c40d38c90df8902efda3703116ba03d19f26d40a
Instruction ID: 6bed8d065ad7abcb14301f65d7a07368143f3f72832b87b2772f5c3dc268e887
Opcode Fuzzy Hash: 01b93da87a0c93db0fe55400c40d38c90df8902efda3703116ba03d19f26d40a
Instruction Fuzzy Hash: 031125722003099FE7205BDAEC80F92F7A4EB40321F10852EF55996641EB73BA958BA0

Function 20167200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON

Download Yara Rule

Strings

API call with %s database connection pointer, xrefs: 20167220
invalid, xrefs: 2016721B

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: API call with %s database connection pointer$invalid
API String ID: 0-3574585026
Opcode ID: 1b881ec1e7840fb26d0719aca28d7d84d86cabb4d5ec584140a011cb1e341bdd
Instruction ID: 3b215657865d94a3759bcfa777da788ee5698272669f048ae74055f96708282a
Opcode Fuzzy Hash: 1b881ec1e7840fb26d0719aca28d7d84d86cabb4d5ec584140a011cb1e341bdd
Instruction Fuzzy Hash: ACF0F031B05E108BCA104FA8AC34BE377EAAF50321F0446ADF7A5D62A0D221FDA4C691

Function 201485B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

CREATE TABLE x(sql,ncol,ro,busy,nscan,nsort,naidx,nstep,reprep,run,mem), xrefs: 201485B6

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(sql,ncol,ro,busy,nscan,nsort,naidx,nstep,reprep,run,mem)
API String ID: 0-3640693396
Opcode ID: 9e032463f61d9664d701763e7a51452d71d90f7e5da865028e582db2ac0d3dec
Instruction ID: cc0f1c9ff52aaf5fc8b31f55835c65ffba635b86e29010e26d8f102c94b590bd
Opcode Fuzzy Hash: 9e032463f61d9664d701763e7a51452d71d90f7e5da865028e582db2ac0d3dec
Instruction Fuzzy Hash: 3DF0BB31A0435147C2419B5DFC01BCAB7D49FE1725F054167F844DB160D774EE828791

Function 20213C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

%z%s%z, xrefs: 20213C6B

Memory Dump Source

Source File: 00000002.00000002.3350896334.0000000020138000.00000020.00001000.00020000.00000000.sdmp, Offset: 20130000, based on PE: true

Associated: 00000002.00000002.3350875629.0000000020130000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020131000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.0000000020296000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3350896334.000000002033D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.000000002033F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352122309.0000000020372000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3352160364.000000002037F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_20130000_katC422.jbxd

Similarity

API ID:
String ID: %z%s%z
API String ID: 0-3434679432
Opcode ID: e3a8f7a7239dd231a51858e3b918586ff633c4db8bc2ad8faeab9860086258de
Instruction ID: cb5be2775f87bca02334faf4584e0d5c732cd2a8ecc118044cea76d132711e63
Opcode Fuzzy Hash: e3a8f7a7239dd231a51858e3b918586ff633c4db8bc2ad8faeab9860086258de
Instruction Fuzzy Hash: 38F082B09047029FEB108FA5DD81B63B2E9FF94214F04496FEC8692551E331FE998B91

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report pDHKarOK2v.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BGIIDAEBGCAA\AAKEGD

C:\ProgramData\BGIIDAEBGCAA\AECAEC

C:\ProgramData\BGIIDAEBGCAA\BAFBFC

C:\ProgramData\BGIIDAEBGCAA\DHCFID

C:\ProgramData\BGIIDAEBGCAA\FCFBFH

C:\ProgramData\BGIIDAEBGCAA\HIDGCF

C:\ProgramData\BGIIDAEBGCAA\JEGHDA

C:\ProgramData\BGIIDAEBGCAA\JJJEGC

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\sqlt[1].dll

C:\Users\user\AppData\Local\Temp\katC422.tmp

Static File Info

General

Windows Analysis Report
pDHKarOK2v.exe

Function 029FBEF0 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 317
threadmemoryfileCOMMON

Function 029FB250 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191
filenativeCOMMON

Function 029FB510 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115
COMMON

Function 029FB9B0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46
memoryCOMMON

Function 029FC510 Relevance: .1, Instructions: 92
COMMON

Function 20144CF0 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 461
fileCOMMON

Function 2013FD40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134
fileCOMMON

Function 201604D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15
COMMON

Function 20214140 Relevance: 47.7, APIs: 14, Strings: 13, Instructions: 461
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre